①(Department of Mathematics and System Science, Science College, National University of Defense Technology, Changsha 410073, China) ②(State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China)
Abstract:This paper re-evaluates the security of Zodiac against Square attacks. There are 8-round Square distinguishers of Zodiac. In this paper, four equivalent structures of Zodiac are given, based on which two new 9-round distinguishers are proposed. Then by using the 9-round Square distinguishers, Square attacks are applied to 12/13/14/15/16-round Zodiac with time complexities being 237.3, 262.9, 296.1, 2137.1, 2189.5, and data complexities being 210.3, 211, 211.6, 212.1, 212.6, respectively. Additionally, these attacks show that full 16-round Zodiac-192 is not immune to Square attack.