Impossible Differential Cryptanalysis

In cryptography, impossible differential cryptanalysis is a form of differential cryptanalysis for block ciphers. While ordinary differential cryptanalysis tracks differences that propagate through the cipher with greater than expected probability, impossible differential cryptanalysis exploits differences that are impossible (having probability 0) at some intermediate state of the cipher algorithm.

Lars Knudsen appears to be the first to use a form of this attack, in the 1998 paper where he introduced his AES candidate, DEAL. The first presentation to attract the attention of the cryptographic community was later the same year at the rump session of CRYPTO '98, in which Eli Biham, Alex Biryukov, and Adi Shamir introduced the name "impossible differential" and used the technique to break 4.5 out of 8.5 rounds of IDEA and 31 out of 32 rounds of the NSA-designed cipher Skipjack. This development led cryptographer Bruce Schneier to speculate that the NSA had no previous knowledge of impossible differential cryptanalysis. The technique has since been applied to many other ciphers besides IDEA and Skipjack: Khufu and Khafre, E2, variants of Serpent, MARS, Twofish, Rijndael, CRYPTON, Zodiac, Hierocrypt-3, TEA, XTEA, Mini-AES, ARIA, Camellia, and SHACAL-2.

Biham, Biryukov and Shamir also presented a relatively efficient specialized method for finding impossible differentials that they called a miss-in-the-middle attack. This consists of finding "two events with probability one, whose conditions cannot be met together."

Other articles related to "differential":

Current (mathematics)
... In mathematics, more particularly in functional analysis, differential topology, and geometric measure theory, a k-current in the sense of Georges ... Formally currents behave like Schwartz distributions on a space of differential forms ...
Separable Differential Equation
... In mathematics, a separable differential equation may refer to one of two related things, both of which are differential equations that can be attacked by a method of separation of variables ... For ordinary differential equations, it describes a class of equations that can be separated into a pair of integrals ... See examples of differential equations ...
BMW X Drive - Predecessor 4WD System
... The system had a planetary center differential with a permanent 38-62 (front-back) torque split ... Both the center and rear differential had a viscous lock which would engage automatically if slippage occurred (one shaft rotated at a significantly different speed compared to the other) ... The front differential had no lock of any kind ...
Differential - Other
... Differential hardening, in metallurgy Differential rotation, in astronomy Differential centrifugation, in cell biology Differential scanning calorimetry, in materials science Differential signalling, in ...

Famous quotes containing the words impossible and/or differential:

    It is impossible for me to envisage a picture as being other than a window, and ... my first concern is then to know what it looks out on.
    André Breton (1896–1966)

    But how is one to make a scientist understand that there is something unalterably deranged about differential calculus, quantum theory, or the obscene and so inanely liturgical ordeals of the precession of the equinoxes.
    Antonin Artaud (1896–1948)