Paper 2021/1502

Strong and Tight Security Guarantees against Integral Distinguishers

Phil Hebborn, Baptiste Lambin, Gregor Leander, and Yosuke Todo


Integral attacks belong to the classical attack vectors against any given block ciphers. However, providing arguments that a given cipher is resistant against those attacks is notoriously difficult. In this paper, based solely on the assumption of independent round keys, we develop significantly stronger arguments than what was possible before: our main result is that we show how to argue that the sum of ciphertexts over any possible subset of plaintext is key-dependent, i.e., the non existence of integral distinguishers.

Note: Full Version with Supplementary Material

Available format(s)
Secret-key cryptography
Publication info
A minor revision of an IACR publication in ASIACRYPT 2021
Block Cipher · Integral Distinguisher
Contact author(s)
phil hebborn @ rub de
baptiste lambin @ protonmail com
gregor leander @ rub de
yosuke todo xt @ hco ntt co jp
2021-11-15: received
Short URL
Creative Commons Attribution


      author = {Phil Hebborn and Baptiste Lambin and Gregor Leander and Yosuke Todo},
      title = {Strong and Tight Security Guarantees against Integral Distinguishers},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1502},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.