Exact maximum expected differential and linear probability for two-round Advanced Encryption Standard
Authors
Abstract
The current standard approach to demonstrate provable security of a block cipher against differential and linear cryptanalysis is based on the maximum expected differential and linear probability (MEDP and MELP) over a sequence of core cipher rounds. Often information about these values for a small number of rounds leads to significant insights concerning the security of the cipher for larger numbers of rounds, including the full cipher. Recent results have tightened the bounds on the MEDP and MELP for the two-round Advanced Encryption Standard (AES), but no previous approach has determined them exactly. An algorithm that computes the exact MEDP and MELP for the two-round AES is presented, and the computational results of our algorithm are provided. In addition to resolving this outstanding question for the AES, these exact values also lead to improved upper bounds on the MEDP and MELP for four or more AES rounds.
Related resources
Exact Maximum Expected Differential and Linear Probability for 2-Round Advanced Encryption Standard (AES)
Provable security of a block cipher against differential / linear cryptanalysis is based on the maximum expected differential / linear probability (MEDP / MELP) over T ≥ 2 core rounds. Over the past few years, several results have provided increasingly tight upper and lower bounds in the case T = 2 for the Advanced Encryption Standard (AES). We show that the exact value of the 2-round MEDP / ME...
Upper Bounds of Maximum Values of Average Differential and Linear Characteristic Probabilities of Feistel Cipher with Adder Modulo
The paper discusses the Feistel cipher with a block size of n = 2m, where the addition of a round key and a part of an incoming message in each round is carried out modulo 2^m. In order to evaluate the security of such a cipher against differential and linear cryptanalyses, the new parameters of cipher s-boxes are introduced. The upper bounds of maximum average differential and linear probabilit...
A Novel Method for Impossible Differential Cryptanalysis of 9-round Aes-256
Through in-depth study of the 4-round encryption characteristics of advanced encryption standard (AES), a new 4-round differential path with a probability of existence at 2^-30 has been derived. Based on this path, a novel method was proposed for impossible differential cryptanalysis of 8-round AES-256. The analysis method requires 2^95 pairs of chosen plaintexts, approximately 2^163 units of m...
sLiSCP: Simeck-Based Permutations for Lightweight Sponge Cryptographic Primitives
In this paper, we propose a family of lightweight cryptographic permutations called sLiSCP, with the sole aim to provide a realistic minimal design that suits a variety of lightweight device applications. More precisely, we argue that for such devices the chip area dedicated for security purposes should not only be consumed by an encryption or hashing algorithm, but also provide as many crypto...
Novel Impossible Differential Cryptanalysis of Zorro Block Cipher
Impossible difference attack is a powerful tool for evaluating the security of block ciphers based on finding a differential characteristic with the probability of exactly zero. The linear layer diffusion rate of a cipher plays a fundamental role in the security of the algorithm against the impossible difference attack. In this paper, we show an efficient method, which is independent of the qua...
Journal title:
- IET Information Security
Volume 1, Issue
Pages -
Publication date 2007