In Asiacrypt 2010, Knellwolf, Meier and Naya-Plasencia proposed distinguishing attacks on Grain v1 when (i) Key Scheduling process is reduced to 97 rounds using 2 chosen IVs and (ii) Key Scheduling process is reduced to 104 rounds using 2 chosen IVs. Using similar idea, Banik obtained a new distinguisher for 105 rounds. In this paper, we show similar approach can work for 106 rounds. We present...

We present two block cipher distinguishers in a setting where the attacker knows the key. One is a distinguisher for AES reduced the seven rounds. The second is a distinguisher for a class of Feistel ciphers with seven rounds. This setting is quite different from traditional settings. We present an open problem: the definition of a new notion of security that covers attacks like the ones we pre...

NLS is one of the stream ciphers submitted to the eSTREAM project. We present a distinguishing attack on NLS by Crossword Puzzle (CP) attack method which is newly introduced in this paper. We build the distinguisher by using linear approximations of both the non-linear feedback shift register (NFSR) and the nonlinear filter function (NLF). Since the bias of the distinguisher depends on the Kons...

We improve on the best known cryptanalysis of the stream cipher Py by using a hidden Markov model for the carry bits in addition operations where a certain distinguishing event takes place, and constructing from it an “optimal distinguisher” for the bias in the output bits which makes more use of the information available. We provide a general means to efficiently measure the efficacy of such a...

We present a cryptanalysis of the ASASA public key cipher introduced at Asiacrypt 2014 [3]. This scheme alternates three layers of affine transformations A with two layers of quadratic substitutions S. We show that the partial derivatives of the public key polynomials contain information about the intermediate layer. This enables us to present a very simple distinguisher between an ASASA public...

CLEFIA is a 128-bit block cipher proposed by Sony Corporation in 2007. Our paper introduces a new chosen text attack, impossible differential-linear attack, on iterated cryptosystems. The attack is efficient for 16-round CLEFIA with whitening keys. In the paper, we construct a 13-round impossible differential-linear distinguisher. Based on the distinguisher, we present an effective attack on 16...

This paper deals with linear approximations having absolute bias smaller than 2− n 2 which were previously believed to be unusable for a linear attack. We show how a series of observations which are individually not statistically significant can be used to create a χ distinguisher. This is different from previous works which combined a series of significant observations to reduce the data compl...

Piccolo is a lightweight block cipher designed by Sony Corporation and published in CHES 2011. It inherits the Generalized Feistel Network (GFN) structure and operates on a 64-bit state. It has two versions; Piccolo-80 and Piccolo-128 with 80-bit and 128-bit keys, respectively. In this paper, we propose meet-in-the-middle attacks on 14-round reduced Piccolo-80 and 16, 17-round reduced Piccolo-1...

In this paper, we study GF-NLFSR, a Generalized Unbalanced Feistel Network (GUFN) which can be considered as an extension of the outer function FO of the KASUMI block cipher. We show that the differential and linear probabilities of any n + 1 rounds of an n-cell GF-NLFSR are both bounded by p, where the corresponding probability of the round function is p. Besides analyzing security against dif...

A fresh view at the question of randomness was taken in the theory of computing: It has been postulated that a distribution is pseudorandom if it cannot be told apart from the uniform distribution by any e cient procedure. This paradigm, originally associating e cient procedures with polynomial-time algorithms, has been applied also with respect to a variety of other classes of distinguishing p...