Cryptanalysis and Design of Block Ciphers

This thesis focuses on cryptanalysis techniques and design of block ciphers. In particular, modern analysis methods such as square, boomerang, impossible differential and linear attacks are described and applied to real block ciphers. The first part of this thesis concentrates on the two most relevant modern cryptanalysis techniques: linear and differential cryptanalysis. These and related techniques have been applied to SAFER K/SK/+/++, IDEA, Hierocrypt3, Hierocrypt-L1, Skipjack and the PES ciphers. In many attacks, the interaction between the block cipher and its key schedule algorithm was exploited, so that the complexity of key-recovery attacks could be reduced. These analyses often led to the discovery of weak keys, namely, key values for which the attack complexity was comparatively lower than for a random key. In some cases, the existence of weak keys, derived from the original key schedule, and holding for the whole cipher, might suggest a need for a redesign of the key setup algorithm. The second part of this thesis describes and analyzes new block ciphers, called MESH, which were designed with the same group operations as the IDEA block cipher. Three designs are presented: MESH-64, MESH-96, and MESH128. Their novel features include: (i) flexible block sizes (in increments of 32 bits), (ii) larger round functions (MA-boxes) compared to IDEA, (iii) distinct key-mixing layers for odd and even rounds, and (iv) new key schedule algorithms that achieve fast key avalanche. Estimates for the software performance of MESH ciphers indicate better or comparable speed to that of triple-DES. A preliminary security evaluation of these three ciphers included truncated and impossible differentials, linear, square, slide and advanced-slide, multiplicative differentials (on simplified versions), and Demirci’s attacks, among others. The initial results of these attacks seem to indicate that the MESH ciphers present a relatively large margin of security against modern cryptanalysis techniques. Other cipher designs are further suggested, based on the flexible MA-boxes, and on the alternative AM-boxes.