Impossible differential cryptanalysis on tweaked E2

Authors:
Yuechuan Wei;Xiaoyuan Yang;Chao Li;Weidong Du
Affiliations:
Electronics Technology Department, Engineering University of Armed Police Force, Xi'an, China;Electronics Technology Department, Engineering University of Armed Police Force, Xi'an, China;Science College of National University of Defense Technology, Changsha, China;Electronics Technology Department, Engineering University of Armed Police Force, Xi'an, China
Venue:
NSS'12 Proceedings of the 6th international conference on Network and System Security
Year:
2012

Citing 12
Cited 0

A Strategy for Constructing Fast Round Functions with Practical Security Against Differential and Linear Cryptanalysis

SAC '98 Proceedings of the Selected Areas in Cryptography
Security of E2 against Truncated Differential Cryptanalysis

SAC '99 Proceedings of the 6th Annual International Workshop on Selected Areas in Cryptography
Cryptanalysis of a Reduced Version of the Block Cipher E2

FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Impossible differential cryptanalysis of reduced-round ARIA and Camellia

Journal of Computer Science and Technology
New Impossible Differential Attacks on AES

INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
An Improved Impossible Differential Attack on MISTY1

ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Impossible Differential Analysis of Reduced Round CLEFIA

Information Security and Cryptology
Improved Impossible Differential Cryptanalysis of Reduced-Round Camellia

Selected Areas in Cryptography
New Results on Impossible Differential Cryptanalysis of Reduced---Round Camellia---128

Selected Areas in Cryptography
Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials

EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Improving the efficiency of impossible differential cryptanalysis of reduced Camellia and MISTY1

CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
Impossible differential cryptanalysis on feistel ciphers with SP and SPS round functions

ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security

Quantified Score

Hi-index	0.00

Visualization

Abstract

E2, a 128-bit block cipher, is an AES candidate designed and submitted by NTT corporation. It employs a Feistel structure as global structure and 2-layer Substitution-Permutation Network structure in round function. The conservative structure makes E2 immune to kinds of current cryptanalysis. Previously, there is no result of impossible differential attacks on E2 since it was once supposed to have no more than 5-round impossible differential characteristic. In this paper, the immunity of tweaked E2 (E2 without initial transformation and final transformation) against impossible differential cryptanalysis is evaluated. We present many 6-round impossible differential characteristics of tweaked E2, by using one of which, we perform a 7-round attack on tweaked E2 with 128, 192 and 256 bits key and an 8-round attack on tweaked E2 with 256 bits key. The 7-round attack requires about 2120 chosen plaintexts and 2115.5 7-round encryptions; the 8-round attack needs 2121 chosen plaintexts and less than 2214 8-round encryptions.