• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.4
• /
• pp.77-85
• /
• 2002

We present the impossible differential cryptanalysis of the block cipher XTEA[7] and TEA[6]. The core of the design principle of these block ciphers is an easy implementation and a simplicity. But this simplicity dose not offer a large diffusion property. Our impossible differential cryptanalysis of reduced-round versions of XTEA and TEA is based on this fact. We will show how to construct a 12-round impossible characteristic of XTEA. We can then derive 128-bit user key of the 14-round XTEA with $2^{62.5}$ chosen plaintexts and $2^{85}$ encryption times using the 12-round impossible characteristic. In addition, we will show how to construct a 10-round impossible characteristic or TEA. Then we can derive 128-bit user key or the 11-round TEA with $2^{52.5}$ chosen plaintexts and $2^{84}$ encryption times using the 10-round impossible characteristic.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.427-437
• /
• 2017

Impossible differential characteristics distinguish the corresponding block cipher from random substitution and can also be used for key recovery attack. Recently Cui et al. proposed an automatic method for searching impossible differential characteristics of several ARX - based block ciphers using Mixed Integer Linear Programming(MILP). By optimizing the method proposed by Cui et al., It was possible to find new impossible differential characteristics which could not be founded by the method by using less linear constraint expression than the existing method. It was applied to the SPECK family and LEA using the modified method. We found 7-rounds for SPECK32, SPECK48, SPECK64, SPECK96 and 8-rounds impossible differential characteristics of SPECK128. These impossible differential characteristics are all newly found. We also found existing 10-rounds of impossible differential characteristic and new 10-rounds of impossible differential characteristics of LEA.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.10
• /
• pp.3624-3637
• /
• 2014

At SAC 2004, Junod and Vaudenay designed the FOX family based on the Lai-Massey scheme. They noted that it was impossible to find any useful differential characteristic or linear trail after 8 rounds of FOX64 or FOX128. In this paper, we provide the lower bound of differentially active S-boxes in consecutive rounds of the Lai-Massey scheme that has SPS as its F-function, and we propose the necessary conditions for the reachability of the lower bound. We demonstrate that similar results can be obtained with respect to the lower bound of linearly active S-boxes by proving the duality in the Lai-Massey scheme. Finally, we apply these results to FOX64 and FOX128 and prove that it is impossible to find any useful differential characteristics or linear trail after 6 rounds of FOX64. We provide a more precise security bound for FOX128.

• 제어로봇시스템학회:학술대회논문집
• /
• 1989.10a
• /
• pp.943-946
• /
• 1989

The channel irregularity of Successive Approximation ADC is very large in comparison with other type of ADCs. This characteristic makes it impossible to apply the Successive Approximation ADC to the field of radiation pulse height analysis or the measurement of probability density function. In this paper, an analysis of differential non-linearity of this ADC-is presented. It is made clear that the small deviation of resistance causes very large differential non-linearity.