Differential Cryptanalysis of the Full 16-Round DES
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
On Probability of Success in Linear and Differential Cryptanalysis
Journal of Cryptology
Differential cryptanalysis of a reduced-round SEED
SCN'02 Proceedings of the 3rd international conference on Security in communication networks
Differential cryptanalysis of eight-round SEED
Information Processing Letters
Weak keys of the full MISTY1 block cipher for related-key differential cryptanalysis
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
Hi-index | 0.89 |
The SEED block cipher has a 128-bit block length, a 128-bit user key and a total number of 16 rounds. It is an ISO international standard. In this letter, we describe two 7-round differentials with a trivially larger probability than the best previously known one on SEED, and present a differential cryptanalysis attack on a 9-round reduced version of SEED. The attack requires a memory of 2^6^9^.^7^1 bytes, and has a time complexity of 2^1^2^6^.^3^6 encryptions with a success probability of 99.9% when using 2^1^2^5 chosen plaintexts, or a time complexity of 2^1^2^5^.^3^6 encryptions with a success probability of 97.8% when using 2^1^2^4 chosen plaintexts. Our result is better than any previously published cryptanalytic results on SEED in terms of the numbers of attacked rounds, and it suggests for the first time that the safety margin of SEED decreases below half of the number of rounds.