An implementation of a simplified differential cryptanalysis attack on a toy block cipher. The project was undertaken as I was teaching myself some fundamentals of cryptography. I followed along with the ideas presented in this explanation, then implemented it in python to better understand the process.
The target cipher is intentionally minimal so that its structure can be analyzed directly:
- 16-bit block size with 4 rounds
- A fixed S-box (4-bit substitution)
- A simple permutation table
- Round keys XORed with the state at each step
The code carries out the main steps of a differential attack:
-
Generate a Difference Distribution Table (DDT) The DDT records how input XOR differences propagate through the S-box, showing which output differences are more probable.
-
Identify Differential Trails By combining the most probable transitions, we can construct differential trails through the cipher.
Example trails observed include:0x000b -> 0x1400with probability ≈ 0.05270x0600 -> 0x00A8with probability ≈ 0.0352
-
Apply Chosen-Plaintext Pairs Using pairs of plaintexts with fixed input differences, the ciphertexts are partially decrypted under candidate subkeys. Key guesses are ranked by how frequently they lead to the expected XOR output along a given trail.
-
Recover Round Key Information Trails with only one or two active S-boxes in the final round reduce the key search space, making it possible to identify the most likely round key bits.
python diff_crypt.pyThe program will:
- Print the generated S-box and permutation table
- Compute the DDT
- Show the most probable differential trails
- Test candidate subkeys using chosen-plaintext pairs
- Output the most likely round key
- Successfully recovered the 5th round key using two trails:
- First trail probability ≈ 5.3%
- Second trail probability ≈ 3.5%
- Combined, these led to a confident guess of the correct round key bits.
See the pdf for more details.