Issue Info:
  • Year: 2018
  • Volume: 10
  • Issue: 2
  • Pages: 93-105
Measures:
  • Citations: 0
  • Views: 533
  • Downloads: 166
Abstract: 

Deoxys is a final-round candidate of the CAESAR competition. Deoxys is built upon an internal tweakable block cipher, Deoxys-BC, which, in addition to the plaintext and key, takes an extra non-secret input called a tweak. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256, which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round impossible differential characteristic using a miss-in-the-middle approach. We then present several cryptanalyses based on the 4.5-round distinguisher against round-reduced Deoxys-BC-256 in both single-key and related-key settings. Our contributions include impossible differential attacks on up to 8-round Deoxys-BC-256 in the single-key model. Our attack reaches 9 rounds in the related-key related-tweak model, with a slightly higher data complexity than the best previous result, obtained by a related-key related-tweak rectangle attack presented at FSE 2018, but with a lower memory complexity and an equal time complexity.

Author(s): SOLEIMANY H. | MEHRDAD A.

Issue Info:
  • Year: 2019
  • Volume: 7
  • Issue: 2 (26)
  • Pages: 69-79
Measures:
  • Citations: 0
  • Views: 611
  • Downloads: 0
Abstract: 

Impossible differential attack is one of the strongest methods of cryptanalysis on block ciphers. In block ciphers based on an SPN (substitution permutation network), the only layer that resists differences is the nonlinear layer. Clearly, attention to the features of the nonlinear layer is important for preventing statistical attacks such as the differential attack, so this layer's features with respect to attack tolerance should be carefully investigated. The existence of such a nonlinear layer with the required features, applied over the entire length of the block, can lead to more resistance against differential attacks. Over the past few years, a new set of SPN-based block ciphers has been introduced in which the nonlinear layer is applied only to a particular part of the state. In this paper, a general framework for finding impossible differential characteristics in this new type of block cipher is presented. Contrary to previous miss-in-the-middle methods used to find impossible differentials, the method presented in this article is independent of the features of the linear layer of the algorithm and allows the attacker to systematically find effective impossible differentials even in cryptographic algorithms with a highly complex linear layer. To demonstrate the efficiency of the proposed method, the family of LowMC ciphers, which use a bitwise linear layer, is examined, and based on this framework some impossible differential characteristics are proposed for some reduced versions of LowMC. These impossible differential characteristics can be easily applied in key-recovery attacks based on the framework presented in this paper. As an example, we show that based on the impossible differential characteristic obtained for 63 rounds of LowMC(128, 128, 2, 128), a key-recovery attack applies to 64 rounds of this algorithm.
In the proposed attack, the memory complexity is 2^89, the time complexity is 2^123.7, and the data complexity is 2^123.1 chosen plaintexts.

Issue Info:
  • Year: 2020
  • Volume: 16
  • Issue: 4 (42)
  • Pages: 17-26
Measures:
  • Citations: 0
  • Views: 537
  • Downloads: 0
Abstract: 

Impossible differential attack is a powerful tool for evaluating the security of block ciphers, based on finding a differential characteristic with probability exactly zero. The diffusion rate of a cipher's linear layer plays a fundamental role in the security of the algorithm against the impossible differential attack. In this paper, we show an efficient method, independent of the quality of the linear layer, that can find impossible differential characteristics of the Zorro block cipher. In other words, using the proposed method, we show that, independent of the linear layer and the other internal elements of the algorithm, it is possible to obtain an effective impossible differential characteristic for 9-round Zorro. Also, based on the presented 9-round impossible differential characteristic, we provide a key recovery attack on reduced 10-round Zorro. The method we propose for finding impossible differential characteristics of Zorro is robust and different from previous ones, and is independent of the algorithm's linear layer. The main observation behind this method is that the number of possible differences that may occur in the middle of the Zorro algorithm can be very limited, due to the distinctive structure of Zorro. We show how this attribute can be used to construct impossible differential characteristics. Then, using the described method, we show that, independent of the features of the algorithm's elements, it is possible to obtain efficient 9-round impossible differential characteristics of Zorro. It is important to note that the best impossible differential characteristics of the AES encryption algorithm only cover four rounds, so the best impossible differential characteristic of Zorro is far longer than the best characteristic of AES, although both algorithms use the same linear layer.
Also, the analysis presented in this article, in contrast to previous analyses, can be applied to all ciphers with the same structure as Zorro, because our analysis is independent of the internal components of the algorithm. In particular, the method presented in this paper shows that similar impossible differential characteristics exist for all modified versions of Zorro. Zorro is a block cipher with a 128-bit block size and a 128-bit key size. Zorro consists of 6 sections, each with 4 rounds (24 rounds in all). Zorro does not have any subkey generation algorithm; the main key is simply XORed into the state at the beginning of each section, and the internal rounds of a section do not use the key. Similar to AES, the Zorro state can be represented by a 4 × 4 matrix in which each of the 16 components represents one byte. One round of Zorro consists of four functions, SB*, AC, SR and MC, applied in that order. The SB* function is a nonlinear function applied only to the four bytes in the first row of the state matrix. Therefore, in contrast to AES, where the substitution box is applied to all bytes, the Zorro substitution box is applied only to four bytes. The AC operation adds a round constant. Finally, the SR and MC transforms are applied to the state matrix; these are, respectively, the ShiftRows and MixColumns operations used in the AES standard. Since the analyses presented in this article are independent of the substitution properties, we do not use the S-box definition used by Zorro. Our proposed model uses the Zorro property that the number of possible differences after a limited number of rounds can be much smaller than the total number of possible differences. In this paper, we introduce features of Zorro that give an upper bound on the number of possible values of an intermediate difference.
We then present a model for finding Zorro impossible differential characteristics, based on the limitations of the intermediate differences and using the miss-in-the-middle approach. Finally, we show that, based on the proposed method, it is possible to find an impossible differential characteristic for 9 rounds of algorithms with a Zorro-like structure regardless of the linear layer properties, and to apply a key recovery attack on 10 rounds of the algorithm. So, regardless of the features of the elements used, this number of rounds of the algorithm is not secure even when the linear layer is changed.

Issue Info:
  • Year: 2018
  • Volume: 10
  • Issue: 1
  • Pages: 3-13
Measures:
  • Citations: 0
  • Views: 284
  • Downloads: 207
Abstract: 

Impossible differential attack is a well-known means of examining the robustness of block ciphers. Using impossible differential cryptanalysis, we analyze the security of a family of lightweight block ciphers, named Midori, that are designed for low energy consumption. The Midori state size can be either 64 bits (Midori64) or 128 bits (Midori128); however, both versions have a key size of 128 bits. In this paper, we mainly study the security of Midori64. To this end, we use various techniques such as early abort, memory reallocation, miss-in-the-middle, and exploiting the inadequate key schedule algorithm of Midori64. We first show two new 7-round impossible differential characteristics which are, to the best of our knowledge, the longest impossible differential characteristics found for Midori64. Based on the new characteristics, we mount three impossible differential attacks on 10, 11, and 12 rounds of Midori64 with 2^87.7, 2^90.63, and 2^90.51 time complexity, respectively, to retrieve the master key.

Author(s): DASTJANI FARAHANI MOHAMMAD REZA | MOHAJERI JAVAD | PAYANDEH ALI

Issue Info:
  • Year: 2014
  • Volume: 2
  • Issue: 1 (5)
  • Pages: 1-11
Measures:
  • Citations: 0
  • Views: 874
  • Downloads: 0
Abstract: 

Impossible differential attack is considered one of the most efficient attacks on block ciphers. The main idea of this attack is to find differences with zero probability in order to eliminate wrong keys and, as a result, find the right one. Because of its good diffusion compared with Feistel algorithms, Piccolo has remained secure against differential attacks. In this paper, using some structural weaknesses of the algorithm, a differential attack is executed on 9 rounds of it. The time, data and memory complexities of the attack are 2^66.4 9-round Piccolo-80 encryptions, 2^61 chosen plaintexts and 2^57 bytes of memory, respectively.

Issue Info:
  • Year: 2016
  • Volume: 8
  • Issue: 1
  • Pages: 73-84
Measures:
  • Citations: 0
  • Views: 516
  • Downloads: 199
Abstract: 

Impossible differential cryptanalysis, an extension of differential cryptanalysis, is one of the most efficient attacks against block ciphers. This cryptanalysis method has been applied to most block ciphers and has shown significant results. Using structures, key schedule considerations, early abort, and pre-computation are some common methods for reducing the complexities of this attack. In this paper, we present a new method for decreasing the time complexity of impossible differential cryptanalysis by breaking the target key space down into subspaces and extending the results on the subspaces to the full target key space. The main advantage of this method is that there is no need to consider the effects of changes in the values of independent key bits on each other. Using the 14-round impossible differential characteristic observed by Boura et al. at ASIACRYPT 2014, we apply this method to 23-round LBlock and demonstrate that it reduces the time complexity of the previous attacks to 2^71.8 23-round encryptions using 2^59 chosen plaintexts and 2^73 blocks of memory.

Author(s): HINTIKKA JAAKKO

Issue Info:
  • Year: 1979
  • Volume: 5
  • Issue: -
  • Pages: 367-379
Measures:
  • Citations: 1
  • Views: 88
  • Downloads: 0

Author(s): MIRZAEI BARZI HADI

Issue Info:
  • Year: 2015
  • Volume: 7
  • Issue: 14
  • Pages: 141-163
Measures:
  • Citations: 0
  • Views: 1378
  • Downloads: 0
Abstract: 

Impossible crime is an inchoate offence in which the occurrence of the result is impossible because of the absence of the subject matter, the absence of necessary legal conditions, or the use of inadequate means, so that the target crime does not come into existence. The occurrence of an impossible crime shows the mens rea of its perpetrators, who have no less criminal intent than people who commit the complete crime. Although the original crime does not happen, it is obvious that the perpetrators have not obeyed the law. Impossible crime has been considered in Iranian law and has given rise to differing decisions. The Criminal Code of 1370 provoked the conflict, and most jurists believe that the law does not mention the impossible crime. The criminal law of 1392, under the title of attempt, ends the conflict, although this is not considered an invention of that statute, because the Article in question, with little difference, is a return to the Criminal Law of 1352. Entering into the execution of the act and the impossibility of the target crime are the actus reus of the impossible crime. Contrary to the view of most jurists, in this crime there is no need to finish the executive operations, and they can be stopped halfway. According to Iranian law, but not English law, an impossible crime can occur in crimes whose actus reus is an omission. Moreover, the existence of intention is essential to the occurrence of an impossible crime. Different views are taken on whether or not to punish the perpetrator of an impossible crime; however, the laws of the countries mentioned favour punishing the perpetrator. It should be considered that the punishment should be reduced relative to the complete crime, and for this reason in Iranian law an impossible crime is tantamount to an attempt and its punishment is less than that of a complete crime. English law also treats the impossible crime as an attempt, but the punishments are the same.
However, in the law of both countries it is necessary that the attempt be punishable in order to punish the impossible crime.

Author(s): JAMALIMEHR MOHSEN

Issue Info:
  • Year: 2020
  • Volume: 16
  • Issue: 37
  • Pages: 77-106
Measures:
  • Citations: 0
  • Views: 111
  • Downloads: 0
Abstract: 

Doubtless, every topic in the humanities has been affected by Darwinian evolutionary theory over the past century. Since evolution by means of natural selection was founded on the basis of a right-wing political economic theory, some social materialists have looked for a middle way between evolutionary and left-wing theories. Their hopes and efforts have probably increased due to the recognition of the role of cooperation in recent new Darwinian evolutionary approaches such as multi-level selection theory. Singer's book, A Darwinian Left, can be considered one such effort. Although his effort in five short chapters is to provide an intermediate, compatible explanation of the principles of evolution and leftist ideas, it seems difficult to accept his explanations even after revising some essential concepts of the left, because not only is the metaphysical priority of competition over cooperation still assumed in all recent theories of evolution by natural selection, but the political right wing and any evolutionary theory that prioritizes competition are conceptually two sides of the same coin.

Journal: Philosophy and Kalam

Issue Info:
  • Year: 2014
  • Volume: 46
  • Issue: 2
  • Pages: 41-59
Measures:
  • Citations: 0
  • Views: 2284
  • Downloads: 0
Abstract: 

Some philosophers have tried to justify the existence of infinity in collections such as chains of numbers, temporal contingents and abstract souls by three conditions: actuality, coming together, and succession, and have thereby protected the mentioned collections against the arguments for the absurdity of infinite regress. In this paper, we show that appealing to the mentioned conditions to remove chains of numbers, temporal contingents and abstract souls from the scope of actual infinity is not successful. The inseparability of number and multiplicity in the first condition, the lack of an appropriate meaning for the term "coming together" in the second, and the reliance on the limitations of the human mind in the justification of the third cause these conditions to face serious challenges.
