Decorrelated Fast Cipher : an AES

This report presents a response to the call for candidates issued by the National Institute for Standards and Technologies (the Advanced Encryption Standard project). The proposed candidate | called DFC as for \Decorrelated Fast Cipher" | is based on Vaudenay's decor-relation technique. This provides provable security against several classes of attacks which include the basic version of Biham and Shamir's Diier-ential Cryptanalysis as well as Matsui's Linear Cryptanalysis. Since the beginning of commercial use of symmetric encryption through block ciphers in the seventies, construction design used to be heuristic-based and security was empiric: a given block cipher was considered to be secure until some researcher published an attack on. The Data Encryption Standard 1] initiated an important open research area, and some important cryptanalysis methods emerged, namely Biham and Shamir's diierential cryptanalysis 7] and Mat-sui's linear cryptanalysis 13], as well as further generalizations. Ny-berg and Knudsen 16] showed how to build toy block ciphers which provably resist diierential cryptanalysis (and linear cryptanalysis as well as has been shown afterward 4]). This paradigm has successfully been used by Matsui in the MISTY cipher 14, 15]. However Nyberg and Knudsen's method does not provide much freedom for the design, and actually, this paradigm leads to algebraic constructions. This may open the way to other kind of weaknesses as shown by Jakobsen and Knudsen 9] (although no weakness has been discovered in MISTY so far).