Abstract
Impossible differential cryptanalysis and zero-correlation linear cryptanalysis are two of the most effective tools for evaluating the security of block ciphers. In those attacks, the core step is to construct as long a distinguisher as possible. In this paper, we focus on the security of New Structure III, a block cipher structure with excellent resistance against differential and linear attacks. While the best previous result can only exploit one round of the linear layer P to construct impossible differential and zero-correlation linear distinguishers, we try to exploit more rounds to find longer distinguishers. Combining the Miss-in-the-Middle strategy and the characteristic matrix method proposed at EUROCRYPT 2016, we construct 23-round impossible differentials and zero-correlation linear hulls when the linear layer P satisfies some restricted conditions. To our knowledge, both of them are 1 round longer than the best previous works concerning the two cryptanalytical methods. Furthermore, to show the effectiveness of our distinguishers, the linear layer of the round function is specified to be the permutation matrix of the block cipher SKINNY, which was proposed at CRYPTO 2016. Our results indicate that New Structure III has weaker resistance against impossible differential and zero-correlation linear attacks, though it possesses good differential and linear properties.
Highlights
Block cipher structures are regarded as the backbones of block ciphers
Inspired by the characteristic matrix method used at EUROCRYPT 2016 [27], we study the security against impossible differential and zero-correlation linear attacks of New Structure III with SP type round functions in this paper. The distinguishers are constructed in two steps
Impossible differentials and zero-correlation linear hulls of New Structure III will be constructed in Sections 3 and 4, respectively
Summary
Block cipher structures are regarded as the backbones of block ciphers. When designing a new block cipher, the first step is to choose a proper structure. Differential and linear attacks of Type-II GFS were evaluated by counting the number of active S-boxes. In 2011, Wu and Wang [24] put forward a unified method to assess the lower bounds of the minimal number of differential active S-boxes for block cipher structures. Apart from the resistance against differential and linear cryptanalysis, the security evaluation of the New Structure family mainly concentrates on the impossible differential and zero-correlation linear attacks. Inspired by the characteristic matrix method used at EUROCRYPT 2016 [27], we study the security against impossible differential and zero-correlation linear attacks of New Structure III with SP type round functions in this paper. Impossible differentials and zero-correlation linear hulls of New Structure III will be constructed in Sections 3 and 4, respectively.