An distinguisher was constructed by utilizing a 2-round collision differential path of ALPHA-MAC, with about 2 chosen messages and 2 queries. Then, this distinguisher was used to recover the internal state([1],[2]). However, a flaw is found in the internal state recovery attack. The complexity of recovering the internal state is up to 2 exhaustive search. And the complexity of the whole attack ...

The construction of a distinguisher (Knudsen and Meier 2000) (i.e., an algorithm that is able of distinguishing a random permutation or random mapping from a given cryptographic primitive, such as a block cipher or hash function) is one of the main objectives of a cryptanalyst. Although a distinguisher may or may not be used to recover some of the plaintext or key bits, the existence of an effi...

WARP is a 128-bit block cipher published by Banik et al. at SAC 2020 as lightweight alternative to AES. It based on generalized Feistel network and achieves the smallest area footprint among ciphers in many settings. Previous analysis results include integral key-recovery attacks 21 out of 41 rounds. In this paper, we propose up 32 rounds improving both distinguisher approach substantially. For...

In 1994 Langford and Hellman introduced differential-linear cryptanalysis, which involves building a differential-linear distinguisher by concatenating a linear approximation with such a (truncated) differential that with probability 1 does not affect the bit(s) concerned by the input mask of the linear approximation. In 2002 Biham, Dunkelman and Keller presented an enhanced approach to include...

Recently, a new kind of Generalized Unbalanced Feistel Network, denoted as GUFN-n, is proposed by Choy et al. at ACISP 2009. The advantages of this structure are that it allows parallel computations for encryption and it can provide provable security against traditional differential and linear cryptanalysis given that the round function is bijective. For this new structure, the designers also f...

The Dragon stream cipher is one of the focus ciphers which have reached Phase 2 of the eSTREAM project. In this paper, we present a new method of building a linear distinguisher for Dragon. The distinguisher is constructed by exploiting the biases of two S-boxes and the modular addition which are basic components of the nonlinear function F . The bias of the distinguisher is estimated to be aro...

The known 3-round distinguisher of Rijndael-256 is byteoriented and 2 plaintexts are needed to distinguish 3-round Rijndael from a random permutation. In this paper, we consider the influence of the order of the plaintexts and present a new 3-round distinguisher which only needs 32 plaintexts.

At ASIACRYPT 2016, Xiang et al. applied MILP method to search integral distinguisher based on division property. This method handled the huge time and memory complexities which had constituted the main restriction of the bit-based division property proposed by Todo and Morri, and showed its strength through finding some longer integral distinguishers for various primitives. Although MILP-aided ...