A differential-linear attack on 12-round serpent

Orr Dunkelman, Sebastiaan Indesteege, Nathan Keller

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


Serpent is an SP Network block cipher submitted to the AES competition and chosen as one of its five finalists. The security of Serpent is widely acknowledged, especially as the best known attack so far is a differential-linear attack on only 11 rounds out of the 32 rounds of the cipher. In this paper we introduce a more accurate analysis of the differential-linear attack on 11-round Serpent. The analysis involves both theoretical aspects as well as experimental results which suggest that previous attacks had overestimated complexities. Following our findings we are able to suggest an improved 11-round attack with a lower data complexity. Using the new results, we are able to devise the first known attack on 12-round Serpent.

Original languageEnglish
Title of host publicationProgress in Cryptology - INDOCRYPT 2008 - 9th International Conference on Cryptology in India, Proceedings
Number of pages14
StatePublished - 2008
Externally publishedYes
Event9th International Conference on Cryptology in India, INDOCRYPT 2008 - Kharagpur, India
Duration: 14 Dec 200817 Dec 2008

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5365 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference9th International Conference on Cryptology in India, INDOCRYPT 2008

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'A differential-linear attack on 12-round serpent'. Together they form a unique fingerprint.

Cite this