Modeling Linear Characteristics of Substitution-Permutation Networks
نویسندگان
چکیده
In this paper we present a model for the bias values associated with linear characteristics of substitution-permutation networks (SPN's). The rst iteration of the model is based on our observation that for suuciently large s-boxes, the best linear characteristic usually involves one active s-box per round. We obtain a result which allows us to compute an upper bound on the probability that linear cryptanalysis using such a characteristic is feasible, as a function of the number of rounds. We then generalize this result, upper bounding the probability that linear cryptanalysis is feasible when any linear characteristic may be used (no restriction on the number of active s-boxes). The work of this paper indicates that the basic SPN structure provides good security against linear cryptanalysis based on linear characteristics after a reasonably small number of rounds.
منابع مشابه
FINDING HIGHLY PROBABLE DIFFERENTIAL CHARACTERISTICS OF SUBSTITUTION-PERMUTATION NETWORKS USING GENETIC ALGORITHMS
In this paper, we propose a genetic algorithm, called GenSPN, for finding highly probable differential characteristics of substitution permutation networks (SPNs). A special fitness function and a heuristic mutation operator have been used to improve the overall performance of the algorithm. We report our results of applying GenSPN for finding highly probable differential characteristics of Ser...
متن کاملAvalanche Characteristics of Substitution-Permutation Encryption Networks
Abstract — This paper develops analytical models for the avalanche characteristics of a class of block ciphers usually referred to as substitution-permutation encryption networks or SPNs. An SPN is considered to display good avalanche characteristics if a one bit change in the plaintext input is expected to result in close to half the ciphertext output bits changing. Good avalanche characterist...
متن کاملOn the Design of Linear Transformations for Substitution Permutation Encryption Networks
In this paper we study the security of Substitution Permutation Encryption Networks (SPNs) with randomly selected bijective substitution boxes and a randomly selected invertible linear transformation layer. In particular, our results show that for such a 64–bit SPN using 8 8 s-boxes, the number of s-boxes involved in any 2 rounds of a linear approximation or a differential characteristic is equ...
متن کاملPractical and Provable Security against Differential and Linear Cryptanalysis for Substitution - Permutation Networks
We examine the diffusion layers of some block ciphers referred to as substitution-permutation networks. We investigate the practical and provable security of these diffusion layers against differential and linear cryptanalysis. First, in terms of practical security, we show that the minimum number of differentially active S-boxes and that of linearly active S-boxes are generally not identical a...
متن کاملLinear Cryptanalysis of Substitution-Permutation Networks
The subject of this thesis is linear cryptanalysis of substitution-permutation networks (SPNs). We focus on the rigorous form of linear cryptanalysis, which requires the concept of linear hulls. First, we consider SPNs in which the s-boxes are selected independently and uniformly from the set of all bijective n × n s-boxes. We derive an expression for the expected linear probability values of s...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 1999