New impossible differential attacks on reduced-round Crypton

Crypton is a 128-bit block cipher which was submitted to the Advanced Encryption Standard competition. In this paper, we present two new impossible differential attacks to reduced-round Crypton. Using two new observations on the diffusion layer of Crypton, exploiting a 4-round impossible differential, and appropriately choosing three additional rounds, we mount the first impossible differential attack on 7-round Crypton. The proposed attacks require 2121 chosen plaintexts each. The first attack requires 2125.2 encryptions. We then utilize more pre-computation and memory to reduce the time complexity to 2116.2 encryptions in the second attack.