Provable Security against Differential and Linear Cryptanalysis for the SPN Structure

  • Seokhie Hong
  • Sangjin Lee
  • Jongin Lim
  • Jaechul Sung
  • Donghyeon Cheon
  • Inho Cho
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1978)


In the SPN (Substitution-Permutation Network) structure, it is very important to design a diffusion layer to construct a secure block cipher against differential cryptanalysis and linear cryptanalysis. The purpose of this work is to prove that the SPN structure with a maximal diffusion layer provides a provable security against differential cryptanalysis and linear cryptanalysis in the sense that the probability of each differential (respectively linear hull) is bounded by p n (respectively q n), where p (respectively q) is the maximum differential (respectively liner hull) probability of n S-boxes used in the substitution layer.We will also give a provable security for the SPN structure with a semi-maximal diffusion layer against differential cryptanalysis and linear cryptanalysis.


Block Cipher Branch Number Round Function Linear Hull Linear Cryptanalysis 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    E. Biham and A. Shamir, Differential Cryptanalysis of DES-like Cryptosystem, Journal of Cryptoloy, Vol.4, pp. 3–72, 1991.zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    E. Biham and A. Shamir, Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer, Advanced in cryptology-CRYPTO’91, pp. 156–171, Springer-Verlag, 1991.Google Scholar
  3. 3.
    E. Biham, On Matsui’s Linear Cryptanalysis, Advanced in cryptology-EUROCRYPT’94, pp. 341–355, Springer-Verlag, 1994.Google Scholar
  4. 4.
    J. Daemen, R. Govaerts and J. Vandewalle, Correlation Matrices, Proceedings of the first international workshop of the Fast Software Encryption, LNCS 1008, pp. 275–285, Springer-Verlag, 1994.Google Scholar
  5. 5.
    M. Kanda, Y. Takashima, T. Matsumoto, K. Aoki and K. Ohta, A Strategy for Constructing Fast Functions with Practical Security against Differential and Linear Cryptanalysis, Proceedings of SAC’98, 1998.Google Scholar
  6. 6.
    M. Matsui, Linear cryptanalysis method for DES cipher, Advanced in cryptology-EUROCRYPT’ 93, pp. 386–397, Springer-Verlag, 1993.Google Scholar
  7. 7.
    M. Matsui, The first Experimental cryptanalysis of DES, Advanced in cryptology-CRYPTO’94, pp. 1–11, Springer-Verlag, 1994.Google Scholar
  8. 8.
    M. Matsui, New Block Encryption Algorithm MISTY, Proceedings of the fourth international workshop of Fast Software Encryption, Springer-Verlag, pp. 53–67, 1997.Google Scholar
  9. 9.
    K. Nyberg and L. R. Knudsen, Provable security against a differential attack, Advanced in cryptology-CRYPTO’92, pp. 566–574, Springer-Verlag, 1992.Google Scholar
  10. 10.
    K. Nyberg, Differentially uniform mappings for cryptography, Advanced in cryptology-EUROCRYPT’93, pp. 55–64, Springer-Verlag, 1993.Google Scholar
  11. 11.
    K. Nyberg, Linear Approximation of block ciphers, Advanced in cryptology-EUROCRYPT’94, pp. 439–444, Springer-Verlag, 1994.Google Scholar
  12. 12.
    V. Rijmen, J. Daemen et al, The cipher SHARK, Proceedings of the fourth international workshop of Fast Software Encryption, pp. 137–151, Springer-Verlag, 1997.Google Scholar
  13. 13.
    J. Daemen and V. Rijmen, The Rijdael block cipher, AES proposal, 1998.Google Scholar
  14. 14.
    J. Kang, C. Park, S. Lee and J. Lim, On the optimal diffusion layer with practical security against Differential and Linear Cryptanalysis, Preproceedings of ICISC’99, pp. 13–20, 1999.Google Scholar
  15. 15.
    X. Lai, J. L. Massey and S. Murphy Markov Ciphers and Differential Cryptanalysis, Advances in Cryptology-EUROCRYPT’91, pp 17–38, Springer-Verlag, 1992.Google Scholar
  16. 16.
    J. Daemen, Cipher and hash function design strategies based on linear and differential cryptanalysis, Doctoral Dissertation, March 1995, K.U. Leuven.Google Scholar
  17. 17.
    K. Aoki and K. Ohta, Strict Evaluation of the Maximum Average of Differential Probability and the Maximum Average of Linear Probability, IEICE Transactions Fundamentals of Electronics, Communications and Computer Science, Vol. E80A,No. 1, pp. 2–8, 1997.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Seokhie Hong
    • 1
  • Sangjin Lee
    • 1
  • Jongin Lim
    • 1
  • Jaechul Sung
    • 1
  • Donghyeon Cheon
    • 1
  • Inho Cho
    • 1
  1. 1.Center for Information and Security Technologies(CIST)Korea UniversitySeoulKOREA

Personalised recommendations