Abstract
E2, a 128-bit block cipher, is an AES candidate designed and submitted by NTT Corporation. It employs a Feistel structure as its global structure and a 2-layer Substitution-Permutation Network structure in its round function. This conservative structure makes E2 immune to various kinds of current cryptanalysis. Previously, there were no results on impossible differential attacks against E2, since it was once supposed to have no impossible differential characteristic of more than 5 rounds. In this paper, the immunity of tweaked E2 (E2 without the initial and final transformations) against impossible differential cryptanalysis is evaluated. We present many 6-round impossible differential characteristics of tweaked E2. Using one of them, we perform a 7-round attack on tweaked E2 with 128-, 192- and 256-bit keys and an 8-round attack on tweaked E2 with a 256-bit key. The 7-round attack requires about $2^{120}$ chosen plaintexts and $2^{115.5}$ 7-round encryptions; the 8-round attack needs $2^{121}$ chosen plaintexts and fewer than $2^{214}$ 8-round encryptions.
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wei, Y., Yang, X., Li, C., Du, W. (2012). Impossible Differential Cryptanalysis on Tweaked E2. In: Xu, L., Bertino, E., Mu, Y. (eds) Network and System Security. NSS 2012. Lecture Notes in Computer Science, vol 7645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34601-9_30
DOI: https://doi.org/10.1007/978-3-642-34601-9_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34600-2
Online ISBN: 978-3-642-34601-9
eBook Packages: Computer Science (R0)