New Applications of T-Functions in Block Ciphers and Hash Functions

  • Alexander Klimov
  • Adi Shamir
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3557)


A T-function is a mapping from n-bit words to n-bit words in which for each 0 ≤ i < n, bit i of any output word can depend only on bits 0, 1, ..., i of any input word. All the boolean operations and most of the numeric operations in modern processors are T-functions, and all their compositions are also T-functions. Our earlier papers on the subject dealt with “crazy” T-functions which are invertible mappings (including Latin squares and multipermutations) or single cycle permutations (which can be used as state update functions in stream ciphers). In this paper we use the theory of T-functions to construct new types of primitives, such as MDS mappings (which can be used as the diffusion layers in substitution/permutation block ciphers), and self-synchronizing hash functions (which can be used in self-synchronizing stream ciphers or in “fuzzy” string matching applications).
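The definition above can be checked exhaustively on small words. The following is an added example, not code from the paper: the 8-bit word size and the constants are assumptions chosen for illustration, and x + (x² ∨ 5) is included as a known single-cycle T-function.

```python
N = 8                        # word size in bits (assumption: small, so checks are exhaustive)
MASK = (1 << N) - 1

def is_t_function(f):
    """True if, for every i, output bits 0..i are determined by input bits 0..i."""
    for i in range(N):
        low = (1 << (i + 1)) - 1
        seen = {}            # low input bits -> low output bits observed so far
        for x in range(1 << N):
            y = f(x) & low
            if seen.setdefault(x & low, y) != y:
                return False  # two inputs agree on bits 0..i but outputs differ there
    return True

def cycle_length(f, start=0):
    """Length of the cycle through `start`, or None if `start` is never revisited."""
    x = start
    for steps in range(1, (1 << N) + 1):
        x = f(x)
        if x == start:
            return steps
    return None

# Constructed sample mappings on N-bit words; the constants are arbitrary.
CANDIDATES = {
    "x ^ 0xA5":      lambda x: x ^ 0xA5,
    "x + 0x3B":      lambda x: (x + 0x3B) & MASK,
    "x * x":         lambda x: (x * x) & MASK,
    "x << 1":        lambda x: (x << 1) & MASK,
    "x + (x*x | 5)": lambda x: (x + ((x * x) | 5)) & MASK,
    # Not T-functions: each moves information from higher bits to lower bits.
    "x >> 1":        lambda x: x >> 1,
    "rotl(x, 1)":    lambda x: ((x << 1) | (x >> (N - 1))) & MASK,
}

def classify():
    """Map each candidate's name to whether it satisfies the T-function property."""
    return {name: is_t_function(f) for name, f in CANDIDATES.items()}

if __name__ == "__main__":
    for name, ok in classify().items():
        f = CANDIDATES[name]
        note = f", cycle through 0 has length {cycle_length(f)}" if ok else ""
        print(f"{name:15s} T-function: {ok}{note}")
```

Right shift and rotation fail because they carry high input bits into low output positions, which is why they are among the processor operations excluded by "most" in the definition.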


Keywords: Hash Function, Block Cipher, Stream Cipher, Input Word, Invertible Mapping


Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Alexander Klimov (1)
  • Adi Shamir (1)
  1. Computer Science Department, The Weizmann Institute of Science, Rehovot, Israel