Nonlinearity criteria for cryptographic functions
EUROCRYPT '89 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
The Design of Rijndael
Improving the Upper Bound on the Maximum Average Linear Hull Probability for Rijndael
SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
Differential Cryptanalysis of DES-like Cryptosystems
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Improving the Search Algorithm for the Best Linear Expression
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
New Method for Upper Bounding the Maximum Average Linear Hull Probability for SPNs
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
On the Security of Rijndael-Like Structures against Differential and Linear Cryptanalysis
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Practically Secure Feistel Cyphers
Fast Software Encryption, Cambridge Security Workshop
FSE '97 Proceedings of the 4th International Workshop on Fast Software Encryption
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Provable Security against Differential and Linear Cryptanalysis for the SPN Structure
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Differential and linear cryptanalysis for 2-round SPNs
Information Processing Letters
Linear cryptanalysis of substitution-permutation networks
Linear cryptanalysis of substitution-permutation networks
Markov ciphers and differential cryptanalysis
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Battery power-aware encryption
ACM Transactions on Information and System Security (TISSEC)
Revisiting the security of the ALRED design
ISC'10 Proceedings of the 13th international conference on Information security
Automatic search of attacks on round-reduced AES and applications
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
New method for bounding the maximum differential probability for SPNs and ARIA
ICISC'04 Proceedings of the 7th international conference on Information Security and Cryptology
Understanding two-round differentials in AES
SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Proving the security of AES substitution-permutation network
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
"Provable" security against differential and linear cryptanalysis
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
| Hi-index | 0.00 |
The best upper bounds on the maximum expected linear probability (MELP) and the maximum expected differential probability (MEDP) for the AES, due to Park et al. [23], are 1.075 × 2−−106 and 1.144 × 2−−111, respectively, for T ≥ 4 rounds. These values are simply the 4th powers of the best upper bounds on the MELP and MEDP for T=2 [3,23]. In our analysis we first derive nontrivial lower bounds on the 2-round MELP and MEDP, thereby trapping each value in a small interval; this demonstrates that the best 2-round upper bounds are quite good. We then prove that these same 2-round upper bounds are not tight—and therefore neither are the corresponding upper bounds for T ≥ 4. Finally, we show how a modified version of the KMT2 algorithm (or its dual, KMT2-DC), due to Keliher et al. (see [8]), can potentially improve any existing upper bound on the MELP (or MEDP) for any SPN. We use the modified version of KMT2 to improve the upper bound on the AES MELP to 1.778 × 2−−107,for T ≥ 8.