Differential-linear cryptanalysis of serpent

Eli Biham, Orr Dunkelman, Nathan Keller

Research output: Contribution to journalArticlepeer-review


Serpent is a 128-bit SP-Network block cipher consisting of 32 rounds with variable key length (up to 256 bits long). It was selected as one of the 5 AES finalists. The best known attack so far is a linear attack on an 11-round reduced variant. In this paper we apply the enhanced differential-linear cryptanalysis to Serpent. The resulting attack is the best known attack on 11-round Serpent. It requires 2125.3 chosen plaintexts and has time complexity of 2139.2. We also present the first known attack on 10-round 128-bit key Serpent. These attacks demonstrate the strength of the enhanced differential-linear cryptanalysis technique.

Original languageEnglish
Pages (from-to)9-21
Number of pages13
JournalLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
StatePublished - 2003
Externally publishedYes

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Differential-linear cryptanalysis of serpent'. Together they form a unique fingerprint.

Cite this