On the Optimal Diffusion Layers with Practical Security against Differential and Linear Cryptanalysis

In this work we examine the diffusion layers of some block ciphers referred to as substitution-permutation networks. We investigate the practical security of these diffusion layers against differential and linear cryptanalysis by using the notion of active S-boxes. We show that the minimum number of differentially active S-boxes and that of linearly active S-boxes are generally not identical, and we propose some special conditions under which they are identical. Moreover, we apply our results to analyze the three diffusion layers used in the block ciphers E2, CRYPTON and Rijndael, respectively. It is also shown that all of these diffusion layers achieve optimal security under their respective constraints on the operations used.
