Improving the Upper Bound on the Maximum Differential and the Maximum Linear Hull Probability for SPN Structures and AES

  • Sangwoo Park
  • Soo Hak Sung
  • Sangjin Lee
  • Jongin Lim
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2887)


We present a new method for upper bounding the maximum differential probability and the maximum linear hull probability for 2 rounds of SPN structures. Our upper bound can be computed for any value of the branch number of the linear transformation and by incorporating the distribution of differential probability values and linear probability values for S-box. On application to AES, we obtain that the maximum differential probability and the maximum linear hull probability for 4 rounds of AES are bounded by 1.144 × 2− 111 and 1.075 × 2− 106, respectively.


Linear Transformation Block Cipher Linear Probability Branch Number Linear Cryptanalysis 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: Camellia: A 128-bit block cipher suitable for multiple platforms - design and analysis. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 39–56. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. Journal of Cryptology 4(1), 3–72 (1991)zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Shannon, C.E.: Communication Theory of Secrecy System. Bell System Technical Journal 28, 656–715 (1949)zbMATHMathSciNetGoogle Scholar
  4. 4.
    Daemen, J., Govaerts, R., Vandwalle, J.: Correlation matrices. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 275–285. Springer, Heidelberg (1995)Google Scholar
  5. 5.
    Daemen, J., Knudsen, L.R., Rijmen, V.: The block cipher square. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  6. 6.
    Daemen, J., Rijmen, V.: Rijndael, AES Proposal (1998),
  7. 7.
    Hong, S., Lee, S., Lim, J., Sung, J., Cheon, D., Cho, I.: Provable security against differential and linear cryptanalysis for the SPN structure. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 273–283. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Kang, J.-S., Hong, S., Lee, S., Yi, O., Park, C., Lim, J.: Practical and provable security against differential and linear cryptanalysis for substitution-permutation networks. ETRI Journal 23(4), 158–167 (2001)CrossRefGoogle Scholar
  9. 9.
    Keliher, L., Meijer, H., Tavares, S.: Improving the upper bound on the maximum average linear hull probability for Rijndael. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 112–128. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Keliher, L., Meijer, H., Tavares, S.: New method for upper bounding the maximum average linear hull probability for SPNs. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 420–436. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Lim, C.H.: CRYPTON, AES Proposal (1998),
  12. 12.
    Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)Google Scholar
  13. 13.
    NTT-Nippon Telegraph and Telephone Corporation. E2: Efficient Encryption algorithm, AES Proposal (1998),
  14. 14.
    National Institute of Standards and Technology. FIPS PUB 197: Advanced Encryption Standard(AES) (November 2001)Google Scholar
  15. 15.
    Park, S., Sung, S.H., Chee, S., Yoon, E.-J., Lim, J.: On the security of Rijndael-like structures against differential and linear cryptanalysis. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 176–191. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Sangwoo Park
    • 1
  • Soo Hak Sung
    • 2
  • Sangjin Lee
    • 3
  • Jongin Lim
    • 3
  1. 1.National Security Research InstituteKorea
  2. 2.Department of Applied MathematicsPai Chai UniversityKorea
  3. 3.Center for Information Security Technologies(CIST)Korea UniversityKorea

Personalised recommendations