Paper 2018/048

Impossible Differential Cryptanalysis on Deoxys-BC-256

Alireza mehrdad, Farokhlagha Moazami, and Hadi Soleimany


Deoxys is a third-round candidate of the CAESAR competition. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256 which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round ID characteristic by utilizing a miss-in-the-middle-approach. We then present several cryptanalyses based upon the 4.5 rounds distinguisher against round-reduced Deoxys-BC-256 in both single-key and related-key settings. Our contributions include impossible differential attacks on up to 8-rounds Deoxys-BC-256 in the tweak-key model which is, to the best of our knowledge, the first independent investigation of the security of Deoxys-BC-256 in the single-key model. Our attack reaches 9 rounds in the related-key related-tweak model which has a slightly higher data complexity than the best previous results obtained by a rectangle attack presented at FSE 2018 but requires a lower memory complexity with an equal time complexity.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. The ISC International Journal of Information Security
authenticated encryptionblock cipherDeoxys-BCrelated- tweakrelated-keyimpossible differential cryptanalysis.
Contact author(s)
a mehrdad @ mail sbu ac ir
2018-08-08: revised
2018-01-15: received
See all versions
Short URL
Creative Commons Attribution


      author = {Alireza mehrdad and Farokhlagha Moazami and Hadi Soleimany},
      title = {Impossible Differential Cryptanalysis on Deoxys-{BC}-256},
      howpublished = {Cryptology ePrint Archive, Paper 2018/048},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.