{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,8]],"date-time":"2025-09-08T05:52:51Z","timestamp":1757310771408},"reference-count":29,"publisher":"Oxford University Press (OUP)","issue":"2","license":[{"start":{"date-parts":[[2023,3,9]],"date-time":"2023-03-09T00:00:00Z","timestamp":1678320000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/journals\/pages\/open_access\/funder_policies\/chorus\/standard_publication_model"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,2,17]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Whether a block cipher can resist impossible differential attack is an important basis to evaluate the security of a block cipher. However, the length of impossible differentials is important for the security evaluation of block ciphers. Most of the previous studies are based on structural cryptanalysis to find the impossible differential, and the structural cryptanalysis covers a lot of specific cryptanalytic vectors which are independent of the nonlinear S-boxes. In this paper, we study the maximum length of the impossible differential of an Advanced Encryption Standard-like cipher in the setting with the details of S-boxes. Inspired by the \u2018Divide-and-Conquer\u2019 technique, we propose a new technique called Reduced Block, which combines the details of the S-box. With this tool, the maximum length of impossible differentials can be proven under reasonable assumptions. As applications, we use this tool on uBlock and Midori. Consequently, we prove that for uBlock-128, uBlock-256 and Midori-64, there are no impossible five-round, six-round and seven-round differentials with one active input nibble and one active output nibble, even when considering the details of S-boxes. Furthermore, we reveal some properties of the uBlock S-box and linear layer and demonstrate theoretically that there are no impossible differentials longer than four rounds for uBlock-128 under the assumption that the round keys are independent and uniformly random. This study might provide some insight into the bounds of the length of impossible differentials.<\/jats:p>","DOI":"10.1093\/comjnl\/bxad009","type":"journal-article","created":{"date-parts":[[2023,3,10]],"date-time":"2023-03-10T12:26:08Z","timestamp":1678451168000},"page":"674-687","source":"Crossref","is-referenced-by-count":2,"title":["Explicit Upper Bound Of Impossible Differentials For AES-Like Ciphers: Application To uBlock And Midori"],"prefix":"10.1093","volume":"67","author":[{"given":"Li","family":"Zhang","sequence":"first","affiliation":[{"name":"Trusted Computing and Information Assurance Laboratory, Institute of Software Chinese Academy of Sciences , Beijing 100190 , China"},{"name":"State Key Laboratory of Cryptology , Beijing 100878 , China"},{"name":"University of Chinese Academy of Sciences , Beijing 100049 , China"}]},{"given":"Yu","family":"Zhang","sequence":"additional","affiliation":[{"name":"Trusted Computing and Information Assurance Laboratory, Institute of Software Chinese Academy of Sciences , Beijing 100190 , China"},{"name":"University of Chinese Academy of Sciences , Beijing 100049 , China"}]},{"given":"Wenling","family":"Wu","sequence":"additional","affiliation":[{"name":"Trusted Computing and Information Assurance Laboratory, Institute of Software Chinese Academy of Sciences , Beijing 100190 , China"},{"name":"University of Chinese Academy of Sciences , Beijing 100049 , China"},{"name":"Zhongguancun Laboratory , Beijing 100094 , China"}]},{"given":"Yongxia","family":"Mao","sequence":"additional","affiliation":[{"name":"Trusted Computing and Information Assurance Laboratory, Institute of Software Chinese Academy of Sciences , Beijing 100190 , China"},{"name":"University of Chinese Academy of Sciences , Beijing 100049 , China"}]},{"given":"Yafei","family":"Zheng","sequence":"additional","affiliation":[{"name":"Trusted Computing and Information Assurance Laboratory, Institute of Software Chinese Academy of Sciences , Beijing 100190 , China"},{"name":"State Key Laboratory of Cryptology , Beijing 100878 , China"},{"name":"Zhongguancun Laboratory , Beijing 100094 , China"}]}],"member":"286","published-online":{"date-parts":[[2023,3,9]]},"reference":[{"key":"2024021913330454000_ref1","first-page":"343","article-title":"Rijndael for AES","volume-title":"The Third Advanced Encryption Standard Candidate Conference","author":"Daemen","year":"2000"},{"key":"2024021913330454000_ref2","first-page":"252","article-title":"3D: A three-dimensional block cipher","volume-title":"Cryptology and Network Security, 7th International Conference, CANS 2008","author":"Nakahara","year":"2008"},{"key":"2024021913330454000_ref3","first-page":"67","article-title":"The design of a stream cipher LEX","volume-title":"Selected Areas in Cryptography, 13th International Workshop, SAC 2006","author":"Biryukov","year":"2006"},{"key":"2024021913330454000_ref4","first-page":"72","article-title":"PAEQ: parallelizable permutation-based authenticated encryption","volume-title":"Information Security - 17th International Conference, ISC 2014","author":"Biryukov","year":"2014"},{"key":"2024021913330454000_ref5","first-page":"511","article-title":"Pholkos - Efficient Large-State Tweakable Block Ciphers from the AES","volume-title":"Cryptographers\u2019 Track at the RSA Conference 2022, Virtual Event","author":"Bossert","year":"2020"},{"key":"2024021913330454000_ref6","first-page":"216","article-title":"DEAL-a 128-bit block cipher","volume":"258","author":"Knudsen","year":"1998","journal-title":"Complexity"},{"key":"2024021913330454000_ref7","first-page":"12","article-title":"Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials","volume-title":"International Conference on the Theory and Applications of Cryptographic Techniques","author":"Biham","year":"1999"},{"key":"2024021913330454000_ref8","doi-asserted-by":"crossref","first-page":"377","DOI":"10.1049\/iet-ifs.2016.0488","article-title":"Impossible differential attacks on the SKINNY family of block ciphers","volume":"11","author":"Yang","year":"2017","journal-title":"IET Inf. Secur."},{"key":"2024021913330454000_ref9","first-page":"80","article-title":"New impossible differential attacks on Camellia","volume-title":"International Conference on Information Security Practice and Experience, ISPEC 2012","author":"Bai","year":"2012"},{"key":"2024021913330454000_ref10","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1587\/transfun.E101.A.88","article-title":"On the design rationale of SIMON block cipher: integral attacks and impossible differential attacks against SIMON variants","volume":"E101.A","author":"Kondo","year":"2018","journal-title":"IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences"},{"key":"2024021913330454000_ref11","doi-asserted-by":"crossref","first-page":"988","DOI":"10.1016\/j.disc.2009.10.019","article-title":"Impossible differential cryptanalysis using matrix method","volume":"310","author":"Kim","year":"2010","journal-title":"Discrete Math."},{"key":"2024021913330454000_ref12","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1016\/j.ins.2013.08.051","article-title":"A unified method for finding impossible differentials of block cipher structures","volume":"263","author":"Luo","year":"2014","journal-title":"Inform. Sci."},{"key":"2024021913330454000_ref13","first-page":"283","article-title":"Automatic search of truncated impossible differentials for word-oriented block ciphers","volume-title":"International Conference on Cryptology in India","author":"Wu","year":"2012"},{"key":"2024021913330454000_ref14","first-page":"185","article-title":"New impossible differential search tool from design and cryptanalysis aspects","volume-title":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","author":"Sasaki","year":"2017"},{"key":"2024021913330454000_ref15","doi-asserted-by":"crossref","first-page":"89","DOI":"10.1049\/iet-ifs.2015.0052","article-title":"Searching all truncated impossible differentials in SPN","volume":"11","author":"Cui","year":"2017","journal-title":"IET Inf. Secur."},{"key":"2024021913330454000_ref16","first-page":"196","article-title":"Provable security evaluation of structures against impossible differential and zero correlation linear cryptanalysis","volume-title":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","author":"Sun","year":"2016"},{"key":"2024021913330454000_ref17","doi-asserted-by":"crossref","first-page":"3001","DOI":"10.1007\/s10623-019-00660-7","article-title":"More accurate results on the provable security of AES against impossible differential cryptanalysis","volume":"87","author":"Wang","year":"2019","journal-title":"Des. Codes Cryptogr."},{"key":"2024021913330454000_ref18","doi-asserted-by":"crossref","first-page":"1541","DOI":"10.1007\/s10623-017-0411-z","article-title":"Upper bound of the length of truncated impossible differentials for AES","volume":"86","author":"Wang","year":"2018","journal-title":"Des. Codes Cryptogr."},{"key":"2024021913330454000_ref19","first-page":"415","article-title":"Mind the Propagation of States New Automatic Search Tool for Impossible Differentials and Impossible Polytopic Transitions","volume-title":"International Conference on the Theory and Application of Cryptology and Information Security","author":"Hu","year":"2020"},{"key":"2024021913330454000_ref20","first-page":"690","article-title":"The block cipher uBlock (in Chinese)","volume":"6","author":"Wu","year":"2019","journal-title":"J. Cryptologic Res."},{"key":"2024021913330454000_ref21","article-title":"Performance of SSE and AVX instruction sets","author":"Jeong","year":"2012"},{"key":"2024021913330454000_ref22","doi-asserted-by":"crossref","first-page":"111","DOI":"10.1093\/comjnl\/bxx046","article-title":"Faster population counts using AVX2 instructions","volume":"61","author":"Mula","year":"2018","journal-title":"Comput. J."},{"key":"2024021913330454000_ref23","first-page":"320","volume-title":"NEON crypto. International Workshop on Cryptographic Hardware and Embedded Systems","author":"Bernstein","year":"2012"},{"key":"2024021913330454000_ref24","volume-title":"Differential cryptanalysis of the data encryption standard","author":"Biham","year":"2012"},{"key":"2024021913330454000_ref25","first-page":"386","article-title":"Linear cryptanalysis method for DES cipher","volume-title":"Workshop on the Theory and Application of Cryptographic Techniques","author":"Matsui","year":"1993"},{"key":"2024021913330454000_ref26","first-page":"411","article-title":"Midori: A block cipher for low energy","volume-title":"International Conference on the Theory and Application of Cryptology and Information Security","author":"Banik","year":"2015"},{"key":"2024021913330454000_ref27","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1007\/BF02252867","article-title":"Probability to meet in the middle","volume":"2","author":"Nishimura","year":"1990","journal-title":"J. Cryptol."},{"key":"2024021913330454000_ref28","first-page":"17","article-title":"Markov ciphers and differential cryptanalysis","volume-title":"Workshop on the Theory and Application of Cryptographic Techniques","author":"Lai","year":"1991"},{"key":"2024021913330454000_ref29","doi-asserted-by":"crossref","first-page":"233","DOI":"10.46586\/tosc.v2020.i1.233-265","article-title":"Cryptanalysis of forkciphers","volume":"2020","author":"Bariant","year":"2020","journal-title":"IACR Trans. Symmetric Cryptol."}],"container-title":["The Computer Journal"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/67\/2\/674\/56701249\/bxad009.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/67\/2\/674\/56701249\/bxad009.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,19]],"date-time":"2024-02-19T13:39:42Z","timestamp":1708349982000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/comjnl\/article\/67\/2\/674\/7074317"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,3,9]]},"references-count":29,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2023,3,9]]},"published-print":{"date-parts":[[2024,2,17]]}},"URL":"https:\/\/doi.org\/10.1093\/comjnl\/bxad009","relation":{},"ISSN":["0010-4620","1460-2067"],"issn-type":[{"value":"0010-4620","type":"print"},{"value":"1460-2067","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2024,2]]},"published":{"date-parts":[[2023,3,9]]}}}