Security of E2 against Truncated Differential Cryptanalysis

  • Authors:

  • Shiho Moriai;Makoto Sugita;Kazumaro Aoki;Masayuki Kanda

  • Affiliations:

  • -;-;-;-

  • Venue:
  • SAC '99 Proceedings of the 6th Annual International Workshop on Selected Areas in Cryptography
  • Year:
  • 1999

Quantified Score

Hi-index 0.00

Visualization

Abstract

. This paper studies the security offered by the block cipher E2 against truncated differential cryptanalysis. At FSE'99 Matsui and Tokita showed a possible attack on an 8-round variant of E2 without IT-Function (the initial transformation) and FT-Function (the final transformation) based on byte characteristics. To evaluate the security against attacks using truncated differentials, which mean bytewise differentials in this paper, we searched for all truncated differentials that lead to possible attacks for reduced-round variants of E2. As a result, we conformed that there exist no such truncated differentials for E2 with more than 8 rounds. However, we found another 7-round truncated differential which lead to another possible attack on an 8-round variant of E2 without IT-or FT-Function with less complexity. We also found that the 7-round truncated differential is useful to distinguish a 7-round variant of E2 with IT- and FT-Functions from a random permutation. In spite of our severe examination, this type of cryptanalysis fails to break the full E2. We believe that this means that the full E2 offers strong security against this truncated differential cryptanalysis.