Paper 2023/316

New Methods for Bounding the Length of Impossible Differentials of SPN Block Ciphers

Senpeng Wang, State Key Laboratory of Cryptology, PLA SSF Information Engineering University
Dengguo Feng, State Key Laboratory of Cryptology
Bin Hu, PLA SSF Information Engineering University
Jie Guan, PLA SSF Information Engineering University
Ting Cui, PLA SSF Information Engineering University
Tairong Shi, PLA SSF Information Engineering University
Kai Zhang, PLA SSF Information Engineering University

Impossible differential (ID) cryptanalysis is one of the most important cryptanalytic approaches for block ciphers. How to evaluate the security of Substitution-Permutation Network (SPN) block ciphers against ID is a valuable problem. In this paper, a series of methods for bounding the length of IDs of SPN block ciphers are proposed. From the perspective of overall structure, we propose a general framework and three implementation strategies. The three implementation strategies are compared and analyzed in terms of efficiency and accuracy. From the perspective of implementation technologies, we give the methods for determining representative set, partition table and ladder and integrating them into searching models. Moreover, the rotation-equivalence ID sets of ciphers are explored to reduce the number of models need to be considered. Thus, the ID bounds of SPN block ciphers can be effectively evaluated. As applications, we show that 9-round PRESENT, 8-round GIFT-64, 12-round GIFT-128, 5-round AES, 6-round Rijndael-160, 7-round Rijndael-192, 7-round Rijndael-224, 7-round Rijndael-256 and 10-round Midori64 do not have any ID under the sole assumption that the round keys are uniformly random. The results of PRESENT, GIFT-128, Rijndael-160, Rijndael-192, Rijndael-224, Rijndael-256 and Midori64 are obtained for the first time. Moreover, the ID bounds of AES, Rijndael-160, Rijndael-192, Rijndael-224 and Rijndael-256 are infimum.

Available format(s)
Secret-key cryptography
Publication info
Impossible differentialPRESENTGIFTMidori64RijndaelAES
Contact author(s)
wsp2110 @ 126 com
2023-03-03: approved
2023-03-03: received
See all versions
Short URL
Creative Commons Attribution


      author = {Senpeng Wang and Dengguo Feng and Bin Hu and Jie Guan and Ting Cui and Tairong Shi and Kai Zhang},
      title = {New Methods for Bounding the Length of Impossible Differentials of {SPN} Block Ciphers},
      howpublished = {Cryptology ePrint Archive, Paper 2023/316},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.