Completion of Computation of Improved Upper Bound on the Maximum Average Linear Hull Probabilty for Rijndael
نویسندگان
چکیده
This report presents the results from the completed computation of an algorithm introduced by the authors in [11] for evaluating the provable security of the AES (Rijndael) against linear cryptanalysis. This algorithm, later named KMT2, can in fact be applied to any SPN [8]. Preliminary results in [11] were based on 43% of total computation, estimated at 200,000 hours on our benchmark machine at the time, a Sun Ultra 5. After some delay, we obtained access to the necessary computational resources, and were able to run the algorithm to completion. In addition to the above, this report presents the results from the dual version of our algorithm (KMT2-DC) as applied to the AES.
منابع مشابه
Improving the Upper Bound on the Maximum Average Linear Hull Probability for Rijndael
In 15], Keliher et al. present a new method for upper bounding the maximum average linear hull probability (MALHP) for SPNs, a value which is required to make claims about provable security against linear cryptanalysis. Application of this method to Rijndael (AES) yields an upper bound of UB = 2 ?75 when 7 or more rounds are approximated, corresponding to a lower bound on the data complexity of...
متن کاملCompletion of Computation of Improved Upper Bound on the Maximum Average Linear Hull Probability for Rijndael
This report presents the results from the completed computation of an algorithm introduced by the authors in [11] for evaluating the provable security of the AES (Rijndael) against linear cryptanalysis. This algorithm, later named KMT2, can in fact be applied to any SPN [8]. Preliminary results in [11] were based on 43% of total computation, estimated at 200,000 hours on our benchmark machine a...
متن کاملNew Method for Upper Bounding the Maximum Average Linear Hull Probability for SPNs
We present a new algorithm for upper bounding the maximum average linear hull probability for SPNs, a value required to determine provable security against linear cryptanalysis. The best previous result (Hong et al. [9]) applies only when the linear transformation branch number (B) is M or (M + 1) (maximal case), where M is the number of s-boxes per round. In contrast, our upper bound can be co...
متن کاملOn the Security of Rijndael-Like Structures against Differential and Linear Cryptanalysis
Rijndael-like structure is a special case of SPN structure. The linear transformation of Rijndael-like structures consists of linear transformations of two types, the one is byte permutation π and the other is linear transformation θ = (θ1, θ2, θ3, θ4), where each of θi separately operates on each of the four columns of a state. Furthermore, π and θ have some interesting properties. In this pap...
متن کاملSecurity Assessment of Hierocrypt and Rijndael against the Differential and Linear Cryptanalysis (Extended Abstract)
The authors analyze the security of Hierocrypt-3(128-bit) and Hierocrypt-L1(64-bit) designed on the nested SPN(NSPN) structure against the differential and linear cryptanalysis, and found that they are sufficiently secure, e.g., the maximum average differential and linear hull probabilities (MACP and MALHP) are bounded by 2−96 for 4-round of Hierocrypt-3; those probabilities are bounded by 2−48...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2004 شماره
صفحات -
تاریخ انتشار 2004