International Association
for Cryptologic Research

TWINE is a recent lightweight block cipher based on a Feistel

structure. We first present two new attacks on TWINE-128

reduced to 25 rounds that have a slightly higher overall complexity than the 25-round attack presented by Wang and Wu at ACISP 2014, but a lower data complexity.

Then, we introduce alternative representations of both the round

function of this block cipher and of a sequence of 4 rounds. LBlock,

another lightweight block cipher, turns out to exhibit the same

behaviour. Then, we illustrate how this alternative representation

can shed new light on the security of TWINE by deriving high

probability iterated truncated differential trails covering 4 rounds

with probability $2^{-16}$.

The importance of these is shown by combining different

truncated differential trails to attack 23-rounds TWINE-128 and by

giving a tighter lower bound on the high probability of some

differentials by clustering differential characteristics following

one of these truncated trails. A comparison between these high

probability differentials and those recently found in a variant of

LBlock by Leurent highlights the importance of considering the whole

distribution of the coefficients in the difference distribution

table of a S-Box and not only their maximum value.