Security evaluation of MISTY structure with SPN round function

Abstract. This paper deals with the security of the MISTY structure with an SPN round function. We study the lower bound on the number of active S-boxes for differential and linear characteristics of this block cipher construction. A previous result shows that the differential bound is consistent with that of the Feistel structure with SPN round function, yet the situation changes when considering the linear bound. We carefully revisit this issue and prove that the same bound can in fact be obtained for linear characteristics. This result, combined with the previous one, thus demonstrates a similar level of practical security for both Feistel and MISTY structures. We also discuss the resistance of the MISTY structure with SPN round function against other cryptanalytic approaches, including integral cryptanalysis and impossible differential cryptanalysis. We confirm the existence of 6-round integral distinguishers when the linear transformation of the round function employs a binary matrix (i.e., every element of the matrix is either 0 or 1), and briefly describe how to characterize 5/6/7-round impossible differentials through the matrix-based method.
