Paper 2016/349

Note on Impossible Differential Attacks

Patrick Derbez


While impossible differential cryptanalysis is a well-known and popular cryptanalytic method, errors in the analysis are often discovered and many papers in the literature present flaws. Wishing to solve that, Boura et al. presented at ASIACRYPT'14 a generic vision of impossible differential attacks with the aim of simplifying and helping the construction and verification of this type of cryptanalysis. In particular, they gave generic complexity analysis formulas for mounting such attacks and developed new ideas for optimizing them. In this paper we carefully study this generic formula and show impossible differential attacks for which the real time complexity is much higher than estimated by it. In particular, we show that the impossible differential attack against 25-round TWINE-128, presented at FSE'15 by Biryukov et al., actually has a complexity higher than the natural bound of exhaustive search.

Category
Secret-key cryptography
Publication info
Published by the IACR in FSE 2016
Keywords
truncated impossible differential, cryptanalysis, block cipher, TWINE, complexity
Contact author(s)
patrick derbez @ irisa fr
History
2016-04-01: received
License
Creative Commons Attribution


      author = {Patrick Derbez},
      title = {Note on Impossible Differential Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2016/349},
      year = {2016},
      note = {\url{}},
      url = {}