Toward Provable Security Against Differential and Linear Cryptanalysis for Camellia and Related Ciphers
نویسنده
چکیده
We present a new algorithm that evaluates provable security against differential and linear cryptanalysis for Feistel ciphers with invertible substitution-diffusion (SD)-based round functions. This algorithm computes an upper bound on the maximum expected differential or linear probability (MEDP or MELP) based on the number of rounds. We then apply our algorithm to Camellia (minus FL/FL). Previously, the best upper bounds for Camellia were 2 (both MEDP and MELP) for 3+ rounds. Our algorithm improves these bounds to 1.065 × 2 (MEDP) and 1.161× 2 (MELP) for 6+ rounds. This is a first step toward establishing the provable security of Camellia and related ciphers against differential and linear cryptanalysis.
منابع مشابه
On a Structure of Block Ciphers with Provable Security against Differential and Linear Cryptanalysis
We introduce a new methodology for designing block ciphers with provable security against differential and linear cryptanalysis. It is based on three new principles: change of the location of round functions, round functions with recursive structure, and substitution boxes of different sizes. The first realizes parallel computation of the round functions without losing provable security, and th...
متن کاملNew Structure of Block Ciphers with Provable Security against Differential and Linear Cryptanalysis
Abst rac t . We introduce a methodology for designing block ciphers with provable security against differential and linear cryptanalysis. It is based on three new principles: change of the location of round functions, round functions with recursive structure, and substitution boxes of different sizes. The first realizes parallel computation of the round functions without losing provable securit...
متن کاملA new method for accelerating impossible differential cryptanalysis and its application on LBlock
Impossible differential cryptanalysis, the extension of differential cryptanalysis, is one of the most efficient attacks against block ciphers. This cryptanalysis method has been applied to most of the block ciphers and has shown significant results. Using structures, key schedule considerations, early abort, and pre-computation are some common methods to reduce complexities of this attack. In ...
متن کاملParallelisable variants of Camellia and SMS4 block cipher: p-Camellia and p-SMS4
We propose two parallelisable variants of Camellia and SMS4 block ciphers based on the n-cell GF-NLFSR. The n-cell generalised Feistel-non-linear feedback shift register (GF-NLFSR) structure (Choy et al., 2009a) is a generalised unbalanced Feistel network that can be considered as a generalisation of the outer function FO of the KASUMI block cipher. An advantage of this cipher over other n-cell...
متن کاملAutomatic Search for Related-Key Differential Characteristics in Byte-Oriented Block Ciphers: Application to AES, Camellia, Khazad and Others
While differential behavior of modern ciphers in a single secret key scenario is relatively well understood, and simple techniques for computation of security lower bounds are readily available, the security of modern block ciphers against related-key attacks is still very ad hoc. In this paper we make a first step towards provable security of block ciphers against related-key attacks by presen...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- I. J. Network Security
دوره 5 شماره
صفحات -
تاریخ انتشار 2007