Provable Security of Substitution-Permutation Networks
Authors
Abstract
Many modern block ciphers are constructed based on the paradigm of substitution-permutation networks (SPNs). But, somewhat surprisingly—especially in comparison with Feistel networks, which have been analyzed by dozens of papers going back to the seminal work of Luby and Rackoff—there are essentially no provable-security results about SPNs. In this work, we initiate a comprehensive study of the security of SPNs as strong pseudorandom permutations when the underlying “S-box” is modeled as a public random permutation. We show that 3 rounds of S-boxes are necessary and sufficient for secure linear SPNs, but that even 1-round SPNs can be secure when non-linearity is allowed. Additionally, our results imply security in settings where an SPN structure is used for domain extension of a block cipher, even when the attacker has direct access to the small-domain block cipher.
Similar resources
Practical and Provable Security against Differential and Linear Cryptanalysis for Substitution-Permutation Networks
We examine the diffusion layers of some block ciphers referred to as substitution-permutation networks. We investigate the practical and provable security of these diffusion layers against differential and linear cryptanalysis. First, in terms of practical security, we show that the minimum number of differentially active S-boxes and that of linearly active S-boxes are generally not identical a...
FINDING HIGHLY PROBABLE DIFFERENTIAL CHARACTERISTICS OF SUBSTITUTION-PERMUTATION NETWORKS USING GENETIC ALGORITHMS
In this paper, we propose a genetic algorithm, called GenSPN, for finding highly probable differential characteristics of substitution permutation networks (SPNs). A special fitness function and a heuristic mutation operator have been used to improve the overall performance of the algorithm. We report our results of applying GenSPN for finding highly probable differential characteristics of Ser...
Provable Security against Differential and Linear Cryptanalysis for the SPN Structure
In the SPN (Substitution-Permutation Network) structure, it is very important to design a diffusion layer to construct a secure block cipher against differential cryptanalysis and linear cryptanalysis. The purpose of this work is to prove that the SPN structure with a maximal diffusion layer provides a provable security against differential cryptanalysis and linear cryptanalysis in the sense th...
Artemia: a family of provably secure authenticated encryption schemes
Authenticated encryption schemes establish both privacy and authenticity. This paper specifies a family of dedicated authenticated encryption schemes, Artemia. It is an online nonce-based authenticated encryption scheme which supports associated data. Artemia uses the permutation-based mode, JHAE, that is provably secure in the ideal permutation model. The scheme does not require the in...
Decorrelated Fast Cipher: an AES Candidate Extended
This report presents a response to the call for candidates issued by the National Institute for Standards and Technologies (the Advanced Encryption Standard project). The proposed candidate, called DFC for "Decorrelated Fast Cipher", is based on the recent decorrelation technique. This provides provable security against several classes of attacks which include Differential Cryptanalysis an...
Journal title:
- IACR Cryptology ePrint Archive
Volume 2017, Issue
Pages -
Publication date 2017