Construction And Application Of Impossible Differentials Of Block Ciphers

Block cipher is an important symmetric-key primitive.Among cryptanalytic meth-ods for evaluating the security of block ciphers,impossible differential cryptanalysis is a very effective method.In this thesis,we choose block cipher as our research target,and focus on the theory of impossible differential cryptanalysis as well as its applications.In terms of structure impossible differential cryptanalysis,firstly,for Fantomas and Robin which are based on LS-designs,we construct impossible differentials which cover more rounds than the ones originally found by the designers with the guidance of the known theory of structure impossible differential.Secondly,for two special SPN structures,we improve the restriction conditions in the upper bound of structure impossible differen-tial and generalise the upper bound to cover more block ciphers.At last,for bit-based block ciphers,we propose the concept of diffusion matrix.Taking SIMON-like ciphers as example,we build the link between the impossible differentials and the zero correlation linear hulls.As a result,structure impossible differential becomes applicable to a wider range of block ciphers.In addition,given that the details of the nonlinear layers have no influence on structure impossible differential,to construct longer impossible differentials,one has to take the details of the nonlinear layers into consideration.In terms of impos-sible differentials of ciphers,we consider the nonlinear layers of the following ciphers to improve impossible differentials:Kuznyechik and PHOTON permutation which take SPN structure,MISTY structure and CSA-BC which takes generalized Fesitel structure.Our results are as follows.1.For Fantomas and Robin,we construct 4-round impossible differentials which are1 round longer than the ones originally found by the designers.Moreover,we can attack the ciphers reduced to 6 rounds with the 4-round impossible differentials.Both of the attacks require 2¹¹⁹chosen plaintexts,2^101.81encryptions and 2⁸⁸units.2.For two special SPN structures,we improve the restriction conditions in the upper bound of structure impossible differential from m≤2^n-1-1,d≤2^n-1-1 to m≤2ⁿ-2,d≤2ⁿ-3,respectively,where n denotes the size of Sbox,m denotes the size of MDS matrix,d denotes the size of MixColumn matrix.Our results expand the range of block ciphers that the upper bound of structure impossible differential can be applied to.3.For bit-based SIMON-like ciphers,by proposing the concept of diffusion ma-trix,we prove that the equivalence between impossible differentials of a SIMON-like cipher and zero correlation linear hulls of the original cipher as well as its dual cipher.Furthermore,we show that impossible differentials and zero correlation linear hulls of SIMON-like ciphers which are based on bit-level contradictions can be constructed with the properties of diffusion matrix.4.For Kuznyechik and PHOTON permutation which take special SPN structures,by exploiting the difference distribution table of the Sbox,we construct 3-round impossible differentials for Kuznyechik and 5-round impossible differentials for PHOTON permuta-tion,respectively.The new distinguishers improve the corresponding structure impossible differentials by 1 round.5.For MISTY structure and CSA-BC,we first prove that the longest structure impos-sible differential cover 4 rounds of MISTY structure.And sufficient conditions are given when MISTY structure exists 5/6-round impossible differentials of ciphers.For CSA-BC,we construct 21/22-round impossible differentials with the details of Sbox,which are 1round and 2 rounds longer than the best result in previous literature,respectively.Fur-thermore,we use the 22-round impossible differential to attack 25-round CSA-BC.The data complexity,time complexity and storage complexity of our attack are 2^53.3chosen plaintexts,2^32.5encryptions and 2²⁴units,respectively.