Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials

  title={Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials},
  author={Eli Biham and Alex Biryukov and Adi Shamir},
  journal={Journal of Cryptology},
AbstractIn this paper we present a cryptanalytic technique, based on impossible differentials. We use it to show that recovering keys of Skipjack reduced from 32 to 31 rounds can be performed faster than exhaustive search. We also describe the Yoyo game (a tool that can be used against reduced-round Skipjack), and other properties of Skipjack. 
Impossible differential cryptanalysis of LBlock through breaking down the key space
A new method for impossible differential cryptanalysis of LBlock is represented through breaking down the target key space into independent subspaces, and extending the results of searches to the main targetKey space.
The Improbable Differential Attack: Cryptanalysis of Reduced Round CLEFIA
  • C. Tezcan
  • Mathematics, Computer Science
  • 2010
This paper presents a new statistical cryptanalytic technique that is called improbable differential cryptanalysis which uses a differential that is less probable when the correct key is used and shows a method to expand impossible differentials to improbable differentials.
Cryptanalysis of Block Ciphers Using Almost-Impossible Differentials
A model to use differentials that are less probable than a random permutation is presented, and it is discussed that this change in the impossible differential cryptanalysis is commodious and rational when the data complexity is low and time complexity is marginal.
New Impossible Differential Cryptanalysis of ARIA
This paper improves the previous impossible differential attack on 5/6-round ARIA and points out that the existence of such impossible differentials are due to the bad properties of the binary matrix employed in the diffusion layer.
Impossible Differential Cryptanalysis of Reduced-Round LBlock
This paper improves the impossible differential attack on 20-round LBlock given in the design paper of the LBlock cipher using relations between the round keys and uses the same 14-round impossible differential characteristic observed by the designers to attack on 21 rounds.
On insecurity of 4-round Feistel ciphers
This article shows that 4-round DES-like cipher is inherently insecure with a practical attack based on impossible differentials, and proposes a new Feistel cipher that uses only 4 rounds.
Cryptanalysis of CLEFIA using multiple impossible differentials
It is possible to apply impossible differential attacks to 12-round, 13-round and 14-round CLEFIA for key lengths of 128, 192 and 256 bits, and this attack is the most efficient compared with previous results.
Quantum impossible differential and truncated differential cryptanalysis
The approach treats the first $r-1$ rounds of the cipher as a whole and applies BV algorithm on them directly and extending the number of rounds is not a problem for the algorithm.
Improved Impossible Differential Attacks against Round-Reduced LBlock
By applying this method, the best (non-exhaustive search like) cryptanalysis of this function in the single-key model is able to break 23 rounds of LBlock with time complexity $2^{75.36}$ and data complexity £2^{59}$.
Combined Differential and Linear Cryptanalysis of Reduced-Round PRINTcipher
This paper analyzes the security of PRINTcipher using a technique that combines differential and linear cryptanalysis and shows that specific choices of some of the key bits give rise to a certain differential characteristic probability, which is far higher than the best characteristic probability claimed by the designers.


Markov Truncated Differential Cryptanalysis of Skipjack
It is proved that an attacker with one random truncated differential from each of 2128 independently-keyed encryption oracles has advantage of less than 2-16 in distinguishing whether the oracles are random permutations or the Skipjack algorithm.
Flaws in differential cryptanalysis of Skipjack
  • L. Granboulan
  • Mathematics, Computer Science
    IACR Cryptol. ePrint Arch.
  • 2001
This revised version of the paper includes the exact computations of some probabilities and repairs the attack of the first half of Skipjack.
Miss in the Middle Attacks on IDEA and Khufu
The application of a new cryptanalytic technique based on impossible differentials to the block ciphers IDEA and Khufu shows that it is applicable to a larger class of cryptosystems, and develops new technical tools for applying it in new situations.
Truncated Differentials and Skipjack
A range of attacks on reduced-round variants of the block cipher Skipjack are considered and it is shown that the techniques used by Biham et al. can be presented in terms of truncated differentials and that there exists a 24-round truncated differential that holds with probability one.
Miss in the Middle Attacks on IDEA, Khufu and Khafre
The application of a new cryptanalytic technique based on impossible diierentials to the block ciphers IDEA, Khufu and Khafre shows that it is applicable to a larger class of cryptosystems, and develops new technical tools for applying it in new situations.
Saturation Attacks on Reduced Round Skipjack
Saturation attacks on reduced-round versions of Skipjack are described, which shows how to construct a 16-round distinguisher which distinguishes 16 rounds of SkipJack from a random permutation.
Initial Observations on Skipjack: Cryptanalysis of Skipjack-3XOR
It is concluded that Skipjack does not have a conservative design with a large margin of safety, and a new cryptographic tool is presented, which is called the Yoyo game, and efficient attacks on Skipjack reduced to 16 rounds.
Two Attacks on Reduced IDEA
Two new attacks on a reduced number of rounds of IDEA (International Data Encryption Algorithm) are given: a truncated differential attack on IDEA reduced to 3.5 rounds and a differential-linear attack that contains a novel method for determining the secret key.
Cryptanalysis of Ladder-DES
  • E. Biham
  • Computer Science, Mathematics
  • 1997
Feistel ciphers are very common and very important in the design and analysis of blockciphers, especially due to four reasons: (1) Many (DES-like) ciphers are based on Feistel’s construction. (2)
Differential cryptanalysis of Lucifer
A new extension of differential cryptanalysis is devised to extend the class of vulnerable cryptosystems, and suggests key-dependent characteristics, called conditional characteristics, selected to increase the characteristics' probabilities for keys in subsets of the key space.