Slender-Set Differential Cryptanalysis

Julia Borghoff, Lars Ramkilde Knudsen, Gregor Leander, Søren Steffen Thomsen

Research output: Contribution to journalJournal articleResearchpeer-review


This paper considers PRESENT-like ciphers with key-dependent S-boxes. We focus on the setting where the same selection of S-boxes is used in every round. One particular variant with 16 rounds, proposed in 2009, is broken in practice in a chosen plaintext/chosen ciphertext scenario. Extrapolating these results suggests that up to 28 rounds of such ciphers can be broken. Furthermore, we outline how our attack strategy can be applied to an extreme case where the S-boxes are chosen uniformly at random for each round, and where the bit permutation is key-dependent as well.
Original languageEnglish
JournalJournal of Cryptology
Issue number1
Pages (from-to)11-38
Publication statusPublished - 2013


  • Symmetric key
  • Block cipher
  • Differential cryptanalysis

Fingerprint Dive into the research topics of 'Slender-Set Differential Cryptanalysis'. Together they form a unique fingerprint.

Cite this