The provable constructive effect of diffusion switching mechanism in CLEFIA-type block ciphers

CLEFIA is a block cipher designed by Sony Corporation, adopted as a lightweight encryption algorithm in the new ISO/IEC 29192-2 standard, and proposed as a CRYPTREC candidate for the Japanese e-Government recommended ciphers. Provable security properties of a cryptographic design are crucial in any security evaluation. Providing lower bounds on the number of active S-boxes in differential and linear characteristics has been one of the few important provable properties that can be formally shown for block ciphers, and it has hence received a lot of attention. In this work, we prove tighter lower bounds on the number of linearly active S-boxes in CLEFIA-type generalized Feistel networks (GFNs) with the diffusion switching mechanism (DSM). We show that every 6 rounds of such GFNs provide 50% more linearly active S-boxes than proven previously. Moreover, we experimentally demonstrate that the new bound is tight for up to at least 12 rounds, whereas the previous one is not. Thus, this paper delivers the first provable evidence that the diffusion switching mechanism actually provides an advantage by guaranteeing more active S-boxes in GFNs.
