Algebraic techniques on searching linear diffusion layers in block cipher

A permutation with maximal branch number plays an efficacious role in providing resistance against the best-known attacks on block ciphers, such as differential cryptanalysis and linear cryptanalysis. In this paper, we propose algebraic techniques for searching permutations with maximal branch number, which can be employed as the linear diffusion layers of block ciphers. We focus on permutations composed of simple operations such as word-level XORs and rotations. Some necessary conditions are proposed to filter out linear permutations that cannot achieve the maximal branch number. With these conditions, the search for maximal-branch-number permutations on a 32-bit word finishes in 1 μs, in contrast to the previous searching method, which spent several days on two computers. Most importantly, the technique generalizes to 64-bit words and shows that there is no 8-byte word permutation formed as the XOR of 9 right-rotations, or of 11 right-rotations, that achieves the maximal branch number. Copyright © 2016 John Wiley & Sons, Ltd.
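The abstract does not spell out how the branch number of a rotation-XOR layer is evaluated, nor what the unpruned search costs. The following is an added example, not the paper's code and not a reproduction of its necessary conditions: it computes the exact byte branch number of a layer L(x) = XOR of rotations of x by exploiting linearity (scanning only low-weight inputs of L and of L^-1, with L^-1 obtained by Gauss-Jordan elimination over GF(2)), and then runs the naive exhaustive search over every XOR of 3 rotations on a 16-bit word, the kind of search the paper's filtering conditions are designed to shorten. The rotation amounts (0, 2, 10, 18, 24) are those of SM4's linear transform from the public specification; every other constant below is constructed for the demonstration.

```python
"""Added example: exact branch number of word-level rotation-XOR linear layers.

L(x) = XOR over r of (x <<< r); the branch number counts nonzero `unit`-bit
chunks (bytes for unit=8) of x and L(x). Not the paper's code.
"""
from itertools import combinations, product


def weight(x, unit):
    """Number of nonzero unit-bit chunks of x (byte weight when unit == 8)."""
    mask, w = (1 << unit) - 1, 0
    while x:
        w += (x & mask) != 0
        x >>= unit
    return w


def low_weight_words(bits, unit, max_w):
    """Every nonzero word of `bits` bits with at most max_w nonzero chunks."""
    chunks = bits // unit
    for w in range(1, max_w + 1):
        for pos in combinations(range(chunks), w):
            for vals in product(range(1, 1 << unit), repeat=w):
                yield sum(v << (p * unit) for p, v in zip(pos, vals))


class RotXorLayer:
    """L(x) = XOR over r in rots of rotl(x, r) on a `bits`-bit word."""

    def __init__(self, bits, rots):
        self.bits, self.mask = bits, (1 << bits) - 1
        self.rots = tuple(r % bits for r in rots)
        self._inv_cols = self._invert()      # None when L is not a permutation
        self.invertible = self._inv_cols is not None

    def rotl(self, x, r):
        return ((x << r) | (x >> (self.bits - r))) & self.mask

    def __call__(self, x):
        out = 0
        for r in self.rots:
            out ^= self.rotl(x, r)
        return out

    def _invert(self):
        """Gauss-Jordan over GF(2) on [M | I]; returns the columns of M^-1."""
        n = self.bits
        cols = [self(1 << i) for i in range(n)]          # column i of M = L(e_i)
        # row j has bit i set iff bit j of L(e_i) is set, so L(x)_j = parity(row_j & x)
        rows = [sum(((cols[i] >> j) & 1) << i for i in range(n)) for j in range(n)]
        aug = [(rows[j], 1 << j) for j in range(n)]
        for c in range(n):
            piv = next((r for r in range(c, n) if (aug[r][0] >> c) & 1), None)
            if piv is None:
                return None                               # singular: not a permutation
            aug[c], aug[piv] = aug[piv], aug[c]
            for r in range(n):
                if r != c and (aug[r][0] >> c) & 1:
                    aug[r] = (aug[r][0] ^ aug[c][0], aug[r][1] ^ aug[c][1])
        inv_rows = [right for _, right in aug]
        return [sum(((inv_rows[j] >> i) & 1) << j for j in range(n)) for i in range(n)]

    def inverse(self, y):
        """L^-1(y) as the XOR of the inverse-matrix columns selected by y's bits."""
        out = 0
        while y:
            low = y & -y
            out ^= self._inv_cols[low.bit_length() - 1]
            y ^= low
        return out


def branch_number(layer, unit):
    """Exact min over x != 0 of weight(x) + weight(L(x)).

    Weight-1 inputs bound the minimum by n + 1 (n = number of chunks), and any
    pair (a, b) with a + b <= n + 1 has a <= (n+1)//2 or b <= n//2, so scanning
    low-weight inputs of L and low-weight outputs through L^-1 finds the minimum
    without visiting all 2^bits words.
    """
    if not layer.invertible:
        raise ValueError("branch number is computed here for permutations only")
    n = layer.bits // unit
    best = n + 1
    for x in low_weight_words(layer.bits, unit, (n + 1) // 2):
        best = min(best, weight(x, unit) + weight(layer(x), unit))
    for y in low_weight_words(layer.bits, unit, n // 2):
        best = min(best, weight(y, unit) + weight(layer.inverse(y), unit))
    return best


def search_max_branch(bits, unit, k):
    """Unpruned search over every XOR of k distinct rotations; returns (best, winners)."""
    best, winners = 0, []
    for rots in combinations(range(bits), k):
        layer = RotXorLayer(bits, rots)
        if not layer.invertible:
            continue
        b = branch_number(layer, unit)
        if b > best:
            best, winners = b, [rots]
        elif b == best:
            winners.append(rots)
    return best, winners


if __name__ == "__main__":
    sm4 = RotXorLayer(32, (0, 2, 10, 18, 24))     # SM4's L, amounts from the public spec
    print("SM4 L byte branch number:", branch_number(sm4, 8))
    print("x ^ (x<<<1) ^ (x<<<2) on 32 bits:", branch_number(RotXorLayer(32, (0, 1, 2)), 8))
    print("best XOR of 3 rotations on 16 bits:", search_max_branch(16, 8, 3))
```

The search over 16-bit words already costs roughly a thousand layer evaluations per candidate; on a 32-bit or 64-bit word the candidate count and the per-candidate cost both grow sharply, which is the gap the paper's algebraic necessary conditions close by rejecting candidates before any evaluation.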
