Provable Security against Differential and Linear Cryptanalysis for the SPN Structure
نویسندگان
چکیده
In the SPN (Substitution-Permutation Network) structure, it is very important to design a diffusion layer to construct a secure block cipher against differential cryptanalysis and linear cryptanalysis. The purpose of this work is to prove that the SPN structure with a maximal diffusion layer provides a provable security against differential cryptanalysis and linear cryptanalysis in the sense that the probability of each differential (respectively linear hull) is bounded by p (respectively q), where p (respectively q) is the maximum differential (respectively liner hull) probability of n S-boxes used in the substitution layer. We will also give a provable security for the SPN structure with a semi-maximal diffusion layer against differential cryptanalysis and linear cryptanalysis.
منابع مشابه
Practical and Provable Security against Differential and Linear Cryptanalysis for Substitution - Permutation Networks
We examine the diffusion layers of some block ciphers referred to as substitution-permutation networks. We investigate the practical and provable security of these diffusion layers against differential and linear cryptanalysis. First, in terms of practical security, we show that the minimum number of differentially active S-boxes and that of linearly active S-boxes are generally not identical a...
متن کاملSecurity Assessment of Hierocrypt and Rijndael against the Differential and Linear Cryptanalysis (Extended Abstract)
The authors analyze the security of Hierocrypt-3(128-bit) and Hierocrypt-L1(64-bit) designed on the nested SPN(NSPN) structure against the differential and linear cryptanalysis, and found that they are sufficiently secure, e.g., the maximum average differential and linear hull probabilities (MACP and MALHP) are bounded by 2−96 for 4-round of Hierocrypt-3; those probabilities are bounded by 2−48...
متن کاملProvable Security Evaluation of Structures Against Impossible Differential and Zero Correlation Linear Cryptanalysis
Impossible differential and zero correlation linear cryptanalysis are two of the most important cryptanalytic vectors. To characterize the impossible differentials and zero correlation linear hulls which are independent of the choices of the non-linear components, Sun et al. proposed the structure deduced by a block cipher at CRYPTO 2015. Based on that, we concentrate in this paper on the secur...
متن کاملToward Provable Security Against Differential and Linear Cryptanalysis for Camellia and Related Ciphers
We present a new algorithm that evaluates provable security against differential and linear cryptanalysis for Feistel ciphers with invertible substitution-diffusion (SD)-based round functions. This algorithm computes an upper bound on the maximum expected differential or linear probability (MEDP or MELP) based on the number of rounds. We then apply our algorithm to Camellia (minus FL/FL). Previ...
متن کاملOn a Structure of Block Ciphers with Provable Security against Differential and Linear Cryptanalysis
We introduce a new methodology for designing block ciphers with provable security against differential and linear cryptanalysis. It is based on three new principles: change of the location of round functions, round functions with recursive structure, and substitution boxes of different sizes. The first realizes parallel computation of the round functions without losing provable security, and th...
متن کامل