Proving Resistance Against Infinitely Long Subspace Trails: How to Choose the Linear Layer

Designing cryptographic permutations and block ciphers using a substitutionpermutation network (SPN) approach where the nonlinear part does not cover entire state has recently gained attention due to favorable implementation characteristics in various scenarios.For word-oriented partial SPN (P-SPN) schemes with fixed linear layer, our goal is better understand how details of layer affect security construction. In this paper, we derive conditions that allow us either set up or prevent attacks based on infinitely long truncated differentials probability 1. Our analysis rather broad compared earlier independent work problem since consider (1) both invariant non-invariant/iterative trails, (2) trails without active S-boxes.For these cases, provide rigorous sufficient necessary for matrix defines analyzed attacks. On practical side, present tool can determine whether given vulnerable results. Furthermore, propose condition that, if satisfied, ensures no differential exists. This related degree irreducibility minimal polynomial layer. Besides P-SPN schemes, observations may also have crucial impact Hades design strategy, which mixes rounds full S-box layers layers.