Truncated Differential Attacks on Contracting Feistel Ciphers


  • Tim Beyne imec - Computer Security and Industrial Cryptography (COSIC) Research Group, Department of Electrical Engineering (ESAT), KU Leuven, Belgium
  • Yunwen Liu Independent researcher, China



Truncated differentials, Contracting Feistel ciphers, SMT, GMiMC, SM-4


We improve truncated differential attacks on t-branch contracting Feistel ciphers with a domain size of Nt. Based on new truncated differentials, a generic distinguisher for t2 + t − 2 rounds using O(Nt−1) data and time is obtained. In addition, we obtain a key-recovery attack on t2 + 1 rounds with Õ(Nt−2) data and Õ(Nt−1) time. Compared to previous results by Guo et al. (ToSC 2016), our attacks cover more rounds with a lower data-complexity. Applications of the generic truncated differential to concrete ciphers include full-round attacks on some instances of GMiMC-crf, and the best-known key-recovery attack on 17 rounds of the Chinese block cipher standard SM4. In addition, we propose an automated search method for truncated differentials using SMT, which is effective even for trails with probability below the probability of the truncated differential for a random permutation.




How to Cite

Beyne, T., & Liu, Y. (2022). Truncated Differential Attacks on Contracting Feistel Ciphers. IACR Transactions on Symmetric Cryptology, 2022(2), 141–160.