Impossible differential cryptanalysis of SPN ciphers

Impossible differential cryptanalysis of SPN ciphers

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Impossible differential cryptanalysis is a very popular tool for analysing the security of modern block ciphers and the core of such attack is based on the existence of impossible differentials. Currently, most methods for finding impossible differentials are based on the miss-in-the-middle technique and they are very ad hoc. In this study, the authors concentrate on substitution–permutation network (SPN) ciphers whose diffusion layer is defined by a linear transformation P. Based on the theory of linear algebra, the authors propose several criteria on P and its inversion P-1 to characterise the existence of 3/4-round impossible differentials. The authors further discuss the possibility to extend these methods to analyse 5/6-round impossible differentials. Using these criteria, impossible differentials for reduced-round Rijndael are found that are consistent with the ones found before. New 4-round impossible differentials are discovered for block cipher ARIA. Many 4-round impossible differentials are firstly detected for a kind of SPN cipher that employs a 32×32 binary matrix proposed at ICISC 2006 as its diffusion layer. It is concluded that the linear transformation should be carefully designed in order to protect the cipher against impossible differential cryptanalysis.


    1. 1)
      • Knudsen, L.R.: `DEAL – A 128-bit block cipher', 151, Technical, February 1998.
    2. 2)
      • Biham, E., Biryukov, A., Shamir, A.: `Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials', Proc. Advances in Cryptology, EUROCRYPT'99, 1999, p. 12–23, (LNCS, 2595).
    3. 3)
      • Dunkelman, O., Keller, N.: `An improved impossible differential attack on MISTY1', Proc. Advances in Cryptology, ASIACRYPT 2008, 2008, p. 441–454, (LNCS, 5350).
    4. 4)
      • Lu, J., Dunkelman, O., Keller, N., Kim, J.: `New impossible differential attacks on AES', Proc. INDOCRYPT 2008, 2008, p. 279–293, (LNCS, 5365).
    5. 5)
      • Lu, J., Kim, J., Keller, N., Dunkelman, O.: `Improving the efficiency of impossible differential cryptanalysis of reduced Camellia and MISTY1', Proc. CT-RSA 2008, 2008, p. 370–386, (LNCS, 4904).
    6. 6)
    7. 7)
      • Zhang, W., Wu, W., Feng, D.: `New results on impossible differential cryptanalysis of reduced AES', Proc. ICISC 2007, 2007, p. 239–250, (LNCS, 4817).
    8. 8)
      • Biham, E., Biryukov, A., Shamir, A.: `Miss in the middle attacks on IDEA, and Khufu', Proc. Fast Software Encryption, FSE'99, 1999, p. 124–138, (LNCS, 1636).
    9. 9)
      • Kim, J., Hong, S., Sung, J., Lee, S., Lim, J., Sung, S.: `Impossible differential cryptanalysis for block cipher structures', Proc. INDOCRYPT 2003, 2003, p. 82–96, (LNCS, 2904).
    10. 10)
      • Wei, Y., Li, P., Sun, B., Li, C.: `Impossible differential cryptanalysis on Feistel ciphers with SP and SPS round functions', Proc. ACNS 2010, 2010, p. 105–122, (LNCS, 6123).
    11. 11)
      • C.E. Shannon . Communication theory of secrete system. Bell Syst. Tech. J. , 4 , 656 - 715
    12. 12)
      • Bogdanov, A., Knudsen, L.R., Leander, G.: `PRESENT: an ultra-lightweight block cipher', Proc. Cryptographic Hardware and Embedded Systems, CHES 2007, 2007, p. 450–466, (LNCS, 4727).
    13. 13)
      • (2001) FIPS-197: Advanced Encryption Standard (AES).
    14. 14)
      • Kwon, D., Kim, J., Park, S.: `New block cipher: ARIA', Proc. ICISC 2003, 2004, p. 432–445, (LNCS, 2971).
    15. 15)
      • Koo, B., Jang, H., Song, J.: `On constructing of a 32×32 binary matrix as a diffusion layer for a 256-bit block cipher', Proc. ICISC 2006, 2006, p. 51–64, (LNCS, 4296).
    16. 16)
      • Li, R., Sun, B., Zhang, P., Li, C.: `New impossible differential cryptanalysis of ARIA', 2008/227, Cryptology ePrint Archive report, 2008,
    17. 17)
      • J. Daemen , V. Rijmen . (2002) The desigh of Rijndael – AES, the advanced encryption standard.
    18. 18)
      • Jr, J.N., Pavão, I.C.: `Impossible differential attacks on large-block Rijndael', Proc. ISC 2007, 2007, p. 104–117, (LNCS, 4779).
    19. 19)
      • Zhang, L., Wu, W., Park, J., Koo, B., Yeom, Y.: `Improved impossible differential attacks on large-block Rijndael', Proc. ISC 2008, 2008, p. 298–315, (LNCS, 5222).
    20. 20)
      • Koo, B., Jang, H., Song, J.: `Constructing and cryptanalysis of a 16 × 16 binary matrix as a diffusion layer', Proc. WISA 2003, 2003, p. 489–503, (LNCS, 2908).

Related content

This is a required field
Please enter a valid email address