Midori128 is a lightweight block cipher proposed at ASIACRYPT 2015 to achieve low energy consumption per bit. Currently, the best published impossible differential attack on Midori128 covers 10 rounds without the pre-whitening key. By exploiting the special structure of the S-boxes and the binary linear transformation layer in Midori128, we present impossible differential distinguishers that cover 7 full rounds including the mix column operations. Then, we exploit four of these distinguishers to launch multiple impossible differential attack against 11 rounds of the cipher with the pre-whitening and post-whitening keys.

In this letter, we present a meet-in-the-middle attack on the 7-round reduced block cipher Kalyna-b/2b, which has been approved as the new encryption standard of Ukraine (DSTU 7624:2014) in 2015. According to its designers, the cipher provides strength to several cryptanalytic methods after the fifth and sixth rounds of the versions with block length of 128 and 256 bits, respectively. Our attack is based on the differential enumeration approach, where we carefully deploy a four-round distinguisher in the first four rounds to bypass the effect of the carry bits resulting from the prewhitening modular key addition. We also exploit the linear relation between consecutive odd and even indexed round keys, which enables us to attack seven rounds and recover all the round keys incrementally. The attack on Kalyna with 128-bit block has a data complexity of 289 chosen plaintexts, time complexity of 2230.2 and a memory complexity of 2202.64. The data, time and memory complexities of our attack on Kalyna with 256-bit block are 2233, 2502.2 and 2170, respectively.

Kiasu-BC is a recently proposed tweakable variant of the AES-128 block cipher. The designers of Kiasu-BC claim that no more than 7-round Meet-in-the-Middle (MitM) attack can be launched against it. In this letter, we present a MitM attack, utilizing the differential enumeration technique, on the 8-round reduced cipher. The attack has time complexity of 2116 encryptions, memory complexity of 286 128-bit blocks, and data complexity of 2116 plaintext-tweak combinations.

Bel-T is the national block cipher encryption standard of the Republic of Belarus. It operates on 128-bit blocks and uses either 128, 192 or 256-bit keys. Bel-T combines a Feistel network with a Lai-Massey scheme and it has a complex round function with 7 S-box layers. In this work, we use a Mixed Integer Linear Programming (MILP) approach to find a a related-key differential characteristic that extends for 4 rounds and 5 S-box layers ($4 rac{5}{7}$ rounds) with probability higher than 2-128. To build an MILP model of Bel-T that a solver can practically handle, we use a partial Difference Distribution Table (DDT) based on the Hamming weight of the input and output differences. The identified differential characteristic is used to mount a key recovery attack on 5 rounds and 6 S-box layers ($5 rac{6}{7}$ out of 8 rounds) of Bel-T-256 with 2123.28 chosen plaintexts and 2228.4 encryptions. According to the best of our knowledge, this is the first public cryptanalysis of Bel-T in the black-box attack model.