I'm trying to implement impossible differential cryptanalysis on 3.5 round IDEA using Miss in the Middle Attack on IDEA and Khufu paper as a reference and I'm stuck on the first two steps of the attack:
In the paper the authors say that I should choose a structure of $2^{32}$ plaintexts $X^1$ with identical $X^1_{2}$ , identical $X^1_{4}$ and all the possiblities of $X^1_{1}$
and $X^1_{3}$ .
So in order to build this structure I've been using input differences that goes from $(0000\;\;0000\;\;0000\;\;0000)_{hex}$ to $(FFFF\;\;0000\;\;FFFF\;\;0000)_{hex}$ and taking $plaintext_1$ in each pair from a large file of texts that I've collected from various books and then I would calculate $plaintext_2$ so that $\Delta plaintext=plaintext_1\oplus plaintext_2$ will be equal to one of the input differences in the previous range , so I should get a total of $2^{32}$ pairs as a result.
And in order to implement the second step of the attack I searched in the previously constructed pairset for pairs that their ciphertext difference statisfy $Y^{4'}_3=0$ and $Y^{4'}_4=0$ and they say in the paper I should get about $2^{31}$ pair that statisfy this condition so about half of the pairs will satisfy the condition.
But when I tried to implement these steps I get just about $10\%$ of the pairset that statisfied the previous condition , so is there anything I'm doing wrong with the way I'm implementing these two steps?
