Cryptanalysis On Block Ciphers Structures

Block cipher is an important part of symmetric cryptography,and is of great impor-tance in information security field.And two widely used method for block cipher analysis are impossible differential(ID)and zero-correlation linear(ZC)analysis.In this paper,we propose the concept of structure and translation structure to evaluate the resistance of those two method for a cipher And we apply it to three kinds of generalized Feistel struc-tures,including SMS4-like structure,MARS-like structure and Type-I-like generalized Feistel structure.Moreover,we study Skipjack,a cipher proposed by National Security Agency(NSA),and prove that there does not exist a 25-round impossible differential of Skipjack translation structure.The main results are as follows:1.We propose the concepts of structure and translation structure,and study the propagation rules of structural differential and structural linear,which theoretically en-sure further study on differential and linear property of other structures.We prove the equivalence between structural impossible differential of Feistel structure and structural zero correlation linear of it.2.For SMS4 structure,this paper proves that the distinguishers of SMS4 proposed in ICICS 2007 and CRYPTO 2015 must be the distinguishers of SMS4 structure,which means that these distinguishers are independent of S-boxes.Further,we consider the n-branch SMS4-like structure and prove that there always exists(3n-1)-round ID and ZC distinguishers.Specially if the round function is SP-type,then we can always construct 3n-round ID and ZC distinguishers for n-branch SMS4-like-SP structure.Finally,by du-ality property between SMS4-like structure and MARS-like structure,we generalize the impossible differential(zero correlation linear)distinguishers of SMS4-like and SMS4-like-SP structures to the zero correlation linear(impossible differential)distinguishers of n-branch MARS-like and MARS-like-SP structures.3.For n-branch Type-I-like generalized Feistel structure,we point out there are onlyφ(n)equivalent permutation used in designing ciphers.For the φ(n)equivalent permuta-tion,we must always constmct(n2+n-l)-round ID distinguisher and prove that there does not exist longer round impossible differentials for Type-I-like generalized Feistel structure.In special,when the round function is SP-type,we prove that the upper bound of round of ID is n2+n+3/2rn,where r is the primitive index of the linear layer P.Sim-ilarly,considering the equivalence between structural differential and structural linear of Type-I-like generalized Feistel structure,we can generalize the results above to ZC distinguisher for Type-I-like generalized Feistel and Feistel-SP structure.4.For Skipjack translation structure,we prove that there does not exist a 25-round impossible differential.In other words,without the information of the key schedule,there only exist 24-round ID distinguishers even though the S-box is taken into consideration.Therefore,the key schedule must be considered when constructing 25-round ID distin-guishers for a full-round attack against Skipjack.