Abstract:This paper reevaluates the security of Zodiac against impossible differential and integral attacks. In the past, results have shown that there are 15-round impossible differentials and 8-round integral distinguishers of Zodiac. Based on an 8-round truncated differential, with probability being 1, full 16-round impossible differentials and 9-round integral distinguishers are constructed. Integral attacks are applied to 12/13/14/15/16-round Zodiac with time complexities being 234, 259, 293, 2133 and 2190, respectively. Both the numbers of chosen plaintexts are no more than 216, which shows that the full 16-round Zodiac is not immune to integral attack.