Impossible differential cryptanalysis for block cipher structures

Jongsung Kim, Seokhie Hong, Jaechul Sung, Sangjin Lee, Jong In Lim, Soohak Sung

Research output: Contribution to journalArticle

69 Citations (Scopus)


Impossible Differential Cryptanalysis(IDC) [4] uses impossible differential characteristics to retrieve a subkey material for the first or the last several rounds of block ciphers. Thus, the security of a block cipher against IDC can be evaluated by impossible differential characteristics. In this paper, we study impossible differential characteristics of block cipher structures whose round functions are bijective. We introduce a widely applicable method to find various impossible differential characteristics of block cipher structures. Using this method, we find various impossible differential characteristics of known block cipher structures: Nyberg's generalized Feistel network, a generalized CAST256-like structure [14], a generalized MARS-like structure [14], a generalized RC6-like structure [14], and Rijndael structure.

Original languageEnglish
Pages (from-to)82-96
Number of pages15
JournalLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publication statusPublished - 2003 Dec 1



  • Block cipher structures
  • Impossible differential characteristic
  • Impossible Differential Cryptanalysis(IDC)

ASJC Scopus subject areas

  • Computer Science(all)
  • Biochemistry, Genetics and Molecular Biology(all)
  • Theoretical Computer Science
  • Engineering(all)

Cite this