Abstract
In this paper we present a model for the bias values associated with linear characteristics of substitution-permutation networks (SPNs). The first iteration of the model is based on our observation that for sufficiently large s-boxes, the best linear characteristic usually involves one active s-box per round. We obtain a result which allows us to compute an upper bound on the probability that linear cryptanalysis using such a characteristic is feasible, as a function of the number of rounds. We then generalize this result, upper bounding the probability that linear cryptanalysis is feasible when any linear characteristic may be used (no restriction on the number of active s-boxes). The work of this paper indicates that the basic SPN structure provides good security against linear cryptanalysis based on linear characteristics after a reasonably small number of rounds.
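The quantity the abstract models, the bias of a linear characteristic with one active s-box per round, can be computed concretely from an s-box's linear approximation table (LAT) and Matsui's piling-up lemma. The following is an added example, not code from the paper; it assumes the 4-bit PRESENT s-box as a stand-in (the paper's own s-boxes are not given here) and the usual rule of thumb that the known-plaintext requirement scales as 1/bias^2.

```python
# Added example: LAT of an s-box and the piling-up bias of an SPN linear
# characteristic with one active s-box per round (not the paper's code).

# Stand-in s-box (the published 4x4 PRESENT s-box); any bijective 4-bit
# table would do for the demonstration.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
N = 4  # s-box input/output width in bits


def parity(x: int) -> int:
    """Parity of the set bits of x, i.e. the XOR of the masked bits."""
    return bin(x).count("1") & 1


def lat(sbox, n=N):
    """Linear approximation table: entry [a][b] counts the inputs x for which
    a.x == b.S(x) (dot products over GF(2)), minus 2^(n-1)."""
    size = 1 << n
    table = [[0] * size for _ in range(size)]
    for a in range(size):
        for b in range(size):
            agree = sum(1 for x in range(size)
                        if parity(a & x) == parity(b & sbox[x]))
            table[a][b] = agree - size // 2
    return table


def max_bias(sbox, n=N) -> float:
    """Largest |bias| over non-trivial (a, b) mask pairs; bias = LAT entry / 2^n."""
    table = lat(sbox, n)
    size = 1 << n
    return max(abs(table[a][b]) for a in range(1, size) for b in range(1, size)) / size


def piling_up_bias(biases) -> float:
    """Piling-up lemma: k independent approximations with biases e_i combine
    to a bias of 2^(k-1) * prod(e_i)."""
    prod = 1.0
    for e in biases:
        prod *= 2 * e
    return 0.5 * prod


def characteristic_bias(rounds: int, sbox=SBOX, n=N) -> float:
    """Bias of an R-round characteristic with exactly one active s-box per
    round, each taken at the s-box's best bias (an upper bound on any such
    characteristic over this s-box)."""
    return piling_up_bias([max_bias(sbox, n)] * rounds)


def data_complexity(bias: float) -> float:
    """Rule-of-thumb known-plaintext requirement ~ 1/bias^2 (constant omitted)."""
    return 1.0 / bias ** 2
```

Because each extra round multiplies the bias by at most 2 * max_bias, the data requirement grows by a factor of 1/(2 * max_bias)^2 per round, which is the mechanism behind the abstract's claim that few rounds already push a one-active-s-box characteristic out of reach.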
© 2000 Springer-Verlag Berlin Heidelberg
Keliher, L., Meijer, H., Tavares, S. (2000). Modeling Linear Characteristics of Substitution-Permutation Networks. In: Heys, H., Adams, C. (eds) Selected Areas in Cryptography. SAC 1999. Lecture Notes in Computer Science, vol 1758. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46513-8_6
DOI: https://doi.org/10.1007/3-540-46513-8_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67185-5
Online ISBN: 978-3-540-46513-3