Practical and Provable Security against Differential and Linear Cryptanalysis for Substitution-Permutation Networks

  • Kang, Ju-Sung (Information Security Research Division, ETRI)
  • Hong, Seok-Hie (Center for Information Security Technologies, Korea University)
  • Lee, Sang-Jin (Center for Information Security Technologies, Korea University)
  • Yi, Ok-Yeon (Department of Mathematics, Kookmin University)
  • Park, Choon-Sik (National Security Research Institute, ETRI)
  • Lim, Jong-In (Center for Information Security Technologies, Korea University)
  • Received : 2001.05.04
  • Accepted : 2001.10.17
  • Published : 2001.12.30

Abstract

We examine the diffusion layers of some block ciphers referred to as substitution-permutation networks (SPNs). We investigate the practical and provable security of these diffusion layers against differential and linear cryptanalysis. First, in terms of practical security, we show that the minimum number of differentially active S-boxes and the minimum number of linearly active S-boxes are generally not identical, and we propose some special conditions under which they coincide. We also study the optimal diffusion effect for some diffusion layers according to their constraints. Second, we show that two consecutive rounds of the SPN structure provide provable security against differential and linear cryptanalysis: we prove that the probability of each differential (resp. linear hull) of two consecutive rounds of the SPN structure with a maximal diffusion layer is bounded by $p^n$ (resp. $q^n$), and that of each differential (resp. linear hull) of the SDS function with a semi-maximal diffusion layer is bounded by $p^{n-1}$ (resp. $q^{n-1}$), where p and q are the maximum differential and linear probabilities of the substitution layer, respectively.
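The first result above, that the minimum numbers of differentially and linearly active S-boxes need not agree, can be checked by brute force for a small bit-level diffusion layer. The following is an added example, not code from the paper: it counts active words for every nonzero input difference through M and for every nonzero output mask through the transpose of M, on a constructed toy matrix (3 words of 2 bits) chosen so that the two counts differ.

```python
from itertools import product

def word_weight(bits, m):
    """Number of nonzero m-bit words in a bit vector (active S-boxes)."""
    return sum(1 for i in range(0, len(bits), m) if any(bits[i:i + m]))

def apply(matrix, x):
    """Multiply a GF(2) matrix (list of rows) by a bit vector x."""
    return [sum(r[j] & x[j] for j in range(len(x))) % 2 for r in matrix]

def transpose(matrix):
    return [list(col) for col in zip(*matrix)]

def branch_number(matrix, m):
    """min over nonzero x of words(x) + words(M x): the least number of
    S-boxes that can be active in the two substitution layers around M."""
    best = None
    for x in product((0, 1), repeat=len(matrix)):
        if not any(x):
            continue
        x = list(x)
        w = word_weight(x, m) + word_weight(apply(matrix, x), m)
        best = w if best is None else min(best, w)
    return best

def active_sboxes(matrix, m):
    """(differential, linear) minimum active S-box counts for M.
    Differences propagate through M, masks through its transpose."""
    return branch_number(matrix, m), branch_number(transpose(matrix), m)

# Constructed toy diffusion layer (assumption, not from the paper):
# 3 words of 2 bits, 6x6 over GF(2), block form
#   [ I  I  0 ]
#   [ 0  I  I ]      E = [[0,1],[1,1]]; M is invertible.
#   [ 0  I  E ]
M = [
    [1, 0, 1, 0, 0, 0],
    [0, 1, 0, 1, 0, 0],
    [0, 0, 1, 0, 1, 0],
    [0, 0, 0, 1, 0, 1],
    [0, 0, 1, 0, 0, 1],
    [0, 0, 0, 1, 1, 1],
]

if __name__ == "__main__":
    d, l = active_sboxes(M, 2)
    print("min differentially active S-boxes:", d)   # 2
    print("min linearly active S-boxes:", l)         # 3
```

A difference confined to the first word passes through M unchanged (two active S-boxes in total), whereas every single-word output mask pulls in two input words under the transpose (three), so the two practical-security measures diverge for this layer.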
