impossible differential cryptanalysis of reduced-round mcrypton-64

Impossible-differential cryptanalysis is one of the powerful methods utilized for evaluating the robustness of block ciphers; however, mcrypton is one of the block ciphers whose master key has not been recovered with this method in the single-key scenario. this paper first clarifies the branch number of the linear layer of mcrypton block ciphers with an observation. it has been shown that the branch number of the linear layer in mcrypton block cipher is four. then, using this result, a 4-round impossible differential in a single-key scenario has been found. on the other hand, by exploiting the result of several observations, some vulnerabilities in the key-schedule algorithm were discovered and introduced. as a result, by exploiting the discovered vulnerabilities and 4-round property, impossible-differential cryptanalysis was successfully applied to seven rounds of mcrypton-64. to our knowledge, this is the first impossible differential cryptanalysis applied on mcrypton-64. in addition, this method requires 2^36.0 bytes of memory, 2^59.0 chosen plaintexts (with the corresponding ciphertexts), and 2^59.6 encryptions to recover the master key.