Abstract
In [15], Keliher et al. present a new method for upper bounding the maximum average linear hull probability (MALHP) for SPNs, a value which is required to make claims about provable security against linear cryptanalysis. Application of this method to Rijndael (AES) yields an upper bound of UB = 2^{-75} when 7 or more rounds are approximated, corresponding to a lower bound on the data complexity of 32/UB = 2^{80} (for a 96.7% success rate). In the current paper, we improve this upper bound for Rijndael by taking into consideration the distribution of linear probability values for the (unique) Rijndael 8×8 s-box. Our new upper bound on the MALHP when 9 rounds are approximated is 2^{-92}, corresponding to a lower bound on the data complexity of 2^{97} (again for a 96.7% success rate). [This is after completing 43% of the computation; however, we believe that the values have stabilized; see Section 7.]
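As an added illustration (not code from the paper), the following Python builds the Rijndael s-box from its definition, computes the distribution of linear probability values LP(a,b) = (2·Pr[a·x = b·S(x)] − 1)^2 over all nonzero mask pairs (the quantity the improved bound takes into account), and applies the data-complexity rule N ≥ 32/UB to the two bounds quoted above. It assumes the standard LP definition and that the constant 32 is what ties UB = 2^{-75} to 2^{80} for the stated success rate.

```python
from collections import Counter
from fractions import Fraction

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        p ^= a if b & 1 else 0
        a = ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF  # multiply a by x, then reduce
        b >>= 1
    return p

def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (group order 255); AES maps 0 to 0, which falls out here."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a, e = gf_mul(a, a), e >> 1
    return r

def aes_sbox() -> list:
    """Rijndael s-box: GF(2^8) inversion followed by the affine map with constant 0x63."""
    box = []
    for x in range(256):
        y = gf_inv(x)
        s = y
        for i in range(1, 5):  # s = y ^ rotl(y,1) ^ rotl(y,2) ^ rotl(y,3) ^ rotl(y,4)
            s ^= ((y << i) | (y >> (8 - i))) & 0xFF
        box.append(s ^ 0x63)
    return box

def lp_distribution(box: list):
    """Counter of LP(a,b) = (2*Pr[a.x = b.S(x)] - 1)^2 over all nonzero mask pairs, plus the max."""
    n = len(box)
    dist = Counter()
    for b in range(1, n):
        f = [1 - 2 * (bin(b & box[x]).count("1") & 1) for x in range(n)]  # (-1)^(b.S(x)) per x
        h = 1
        while h < n:  # Walsh-Hadamard: afterwards f[a] = sum_x (-1)^(a.x + b.S(x)) = n*(2*Pr - 1)
            for i in range(0, n, 2 * h):
                for j in range(i, i + h):
                    f[j], f[j + h] = f[j] + f[j + h], f[j] - f[j + h]
            h *= 2
        for a in range(1, n):
            dist[Fraction(f[a], n) ** 2] += 1
    return dist, max(dist)

def data_complexity_lower_bound(ub) -> Fraction:
    return Fraction(32) / ub  # N >= 32/UB plaintexts for the 96.7% success rate (32 * 2^75 = 2^80)
```

The maximum LP returned is 2^{-6}, the single-s-box figure that the earlier bound in [15] relies on; the full Counter shows how rarely that maximum is attained among the 255×255 mask pairs.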
References
C.M. Adams, A formal and practical design procedure for substitution-permutation network cryptosystems, Ph.D. Thesis, Queen’s University, Kingston, Canada, 1990.
K. Aoki and K. Ohta, Strict evaluation of the maximum average of differential probability and the maximum average of linear probability, IEICE Trans. Fundamentals, Vol. E80-A, No. 1, January 1997.
E. Biham, On Matsui’s linear cryptanalysis, Advances in Cryptology—EUROCRYPT’94, LNCS 950, Springer-Verlag, pp. 341–355, 1995.
E. Biham and A. Shamir, Differential cryptanalysis of DES-like cryptosystems, Journal of Cryptology, Vol. 4, No. 1, pp. 3–72, 1991.
J. Daemen, R. Govaerts, and J. Vandewalle, Correlation matrices, Fast Software Encryption: Second International Workshop, LNCS 1008, Springer-Verlag, pp. 275–285, 1995.
J. Daemen and V. Rijmen, AES proposal: Rijndael, http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf.
J. Daemen and V. Rijmen, AES (Rijndael) reference code in ANSI C, http://csrc.nist.gov/encryption/aes/rijndael/.
H. Feistel, Cryptography and computer privacy, Scientific American, Vol. 228, No. 5, pp. 15–23, May 1973.
H. Feistel, W.A. Notz, and J.L. Smith, Some cryptographic techniques for machine to machine data communications, Proceedings of the IEEE, Vol. 63, No. 11, pp. 1545–1554, November 1975.
C. Harpes, G. Kramer, and J. Massey, A generalization of linear cryptanalysis and the applicability of Matsui’s piling-up lemma, Advances in Cryptology—EUROCRYPT’95, LNCS 921, Springer-Verlag, pp. 24–38, 1995.
H.M. Heys and S.E. Tavares, Substitution-permutation networks resistant to differential and linear cryptanalysis, Journal of Cryptology, Vol. 9, No. 1, pp. 1–19, 1996.
S. Hong, S. Lee, J. Lim, J. Sung, and D. Cheon, Provable security against differential and linear cryptanalysis for the SPN structure, Fast Software Encryption (FSE 2000), LNCS 1978, Springer-Verlag, pp. 273–283, 2001.
L. Keliher, H. Meijer, and S. Tavares, Modeling linear characteristics of substitution-permutation networks, Sixth Annual International Workshop on Selected Areas in Cryptography (SAC’99), LNCS 1758, Springer-Verlag, pp. 78–91, 2000.
L. Keliher, H. Meijer, and S. Tavares, New method for upper bounding the maximum average linear hull probability for SPNs, Advances in Cryptology—EUROCRYPT 2001, LNCS 2045, Springer-Verlag, pp. 420–436, 2001.
L.R. Knudsen, Practically secure Feistel ciphers, Fast Software Encryption, LNCS 809, Springer-Verlag, pp. 211–221, 1994.
X. Lai, J. Massey, and S. Murphy, Markov ciphers and differential cryptanalysis, Advances in Cryptology—EUROCRYPT’91, LNCS 547, Springer-Verlag, pp. 17–38, 1991.
M. Matsui, Linear cryptanalysis method for DES cipher, Advances in Cryptology—EUROCRYPT’93, LNCS 765, Springer-Verlag, pp. 386–397, 1994.
M. Matsui, On correlation between the order of s-boxes and the strength of DES, Advances in Cryptology—EUROCRYPT’94, LNCS 950, Springer-Verlag, pp. 366–375, 1995.
W. Meier and O. Staffelbach, Nonlinearity criteria for cryptographic functions, Advances in Cryptology—EUROCRYPT’89, LNCS 434, Springer-Verlag, pp. 549–562, 1990.
K. Nyberg, Linear approximation of block ciphers, Advances in Cryptology—EUROCRYPT’94, LNCS 950, Springer-Verlag, pp. 439–444, 1995.
C.E. Shannon, Communication theory of secrecy systems, Bell System Technical Journal, Vol. 28, No. 4, pp. 656–715, 1949.
S. Vaudenay, On the security of CS-Cipher, Fast Software Encryption (FSE’99), LNCS 1636, Springer-Verlag, pp. 260–274, 1999.
© 2001 Springer-Verlag Berlin Heidelberg
Cite this paper
Keliher, L., Meijer, H., Tavares, S. (2001). Improving the Upper Bound on the Maximum Average Linear Hull Probability for Rijndael. In: Vaudenay, S., Youssef, A.M. (eds) Selected Areas in Cryptography. SAC 2001. Lecture Notes in Computer Science, vol 2259. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45537-X_9
DOI: https://doi.org/10.1007/3-540-45537-X_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43066-7
Online ISBN: 978-3-540-45537-0