Paper 2022/1065

A Note on the Theoretical and Practical Security of Block Ciphers

Öznur MUT SAĞDIÇOĞLU, Institute of Applied Mathematics, Middle East Technical University, Turkey
Serhat Sağdıçoğlu, Havelsan A.Ş.
Ebru Küçükkubaş, Tübitak Bilgem Turkey

Differential cryptanalysis is one of the most effective methods for evaluating the security level of block ciphers. For this, an attacker tries to find a differential or a characteristic with a high probability that distinguishes a block cipher from a random permutation to obtain the secret key. Although it is theoretically possible to compute the probability of a differential for a block cipher, there are two problems to compute it practically. The first problem is that it is computationally impossible to compute differential probability by trying all plaintext pairs. The second problem is that the probability of a differential over all choices of the plaintext and key might be different from the probability of the differential over all plaintexts for a fixed key. Thus, to evaluate the security against the differential cryptanalysis, one must assume both the hypothesis of stochastic equivalence and the Markov model. However, the hypothesis of stochastic equivalence does not hold in general. Indeed, we show on simple ciphers that the hypothesis of stochastic equivalence does not hold. Moreover, we observe that the differential probability is not equal to the expected differential probability. For these results, we study plateau characteristics for a 4-bit cipher and a 16-bit super box. As a result, when considering differential cryptanalysis, one must be careful about the gap between the theoretical and the practical security of block ciphers.

Available format(s)
Secret-key cryptography
Publication info
Differential cryptanalysis Stochastic Equivalence Markov Ciphers Midori
Contact author(s)
oznurmut @ gmail com
2022-08-17: approved
2022-08-16: received
See all versions
Short URL
Creative Commons Attribution-NonCommercial-NoDerivs


      author = {Öznur MUT SAĞDIÇOĞLU and Serhat Sağdıçoğlu and Ebru Küçükkubaş},
      title = {A Note on the Theoretical and Practical Security of Block Ciphers},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1065},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.