论文信息 - Exact Maximum Expected Differential and Linear Probability for 2-Round Advanced Encryption Standard (AES)

Exact Maximum Expected Differential and Linear Probability for 2-Round Advanced Encryption Standard (AES)

Provable security of a block cipher against differential / linear cryptanalysis is based on the maximum expected differential / linear probability (MEDP / MELP) over T ≥ 2 core rounds. Over the past few years, several results have provided increasingly tight upper and lower bounds in the case T = 2 for the Advanced Encryption Standard (AES). We show that the exact value of the 2-round MEDP / MELP for the AES is equal to the best known lower bound: 53/2 ≈ 1.656 × 2−29 / 109, 953, 193/2 ≈ 1.638 × 2−28. This immediately yields an improved upper bound on the AES MEDP / MELP for T ≥ 4, namely (53/234)4 ≈ 1.881× 2−114 / (109, 953, 193/254)4 ≈ 1.802× 2−110.

Liam Keliher | Jiayuan Sui

[1] Henk Meijer,et al. New Method for Upper Bounding the Maximum Average Linear Hull Probability for SPNs , 2001, EUROCRYPT.

[2] Hideo Shimizu,et al. On the Security of Nested SPN Cipher against the Differential and Linear Cryptanalysis , 2003, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[3] Sangjin Lee,et al. Improving the Upper Bound on the Maximum Differential and the Maximum Linear Hull Probability for SPN Structures and AES , 2003, FSE.

[4] Seungjoo Kim,et al. Differential and linear cryptanalysis for 2-round SPNs , 2003, Inf. Process. Lett..

[5] Henk Meijer,et al. Improving the Upper Bound on the Maximum Average Linear Hull Probability for Rijndael , 2001, Selected Areas in Cryptography.

[6] Liam Keliher,et al. Refined Analysis of Bounds Related to Linear and Differential Cryptanalysis for the AES , 2004, AES Conference.

[7] Serge Vaudenay,et al. On the Security of CS-Cipher , 1999, FSE.

[8] Vincent Rijmen,et al. The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[9] Jongin Lim,et al. On the Security of Rijndael-Like Structures against Differential and Linear Cryptanalysis , 2002, ASIACRYPT.

[10] Seokhie Hong,et al. Provable Security against Differential and Linear Cryptanalysis for the SPN Structure , 2000, FSE.

[11] Jongin Lim,et al. Practical and Provable Security against Differential and Linear Cryptanalysis for Substitution‐Permutation Networks , 2001 .