Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Resistance of balanced s-boxes to linear and differential cryptanalysis
Information Processing Letters
Avalanche Characteristics of Substitution-Permutation Encryption Networks
IEEE Transactions on Computers
Toward Provable Security of Substitution-Permutation Encryption Networks
SAC '98 Proceedings of the Selected Areas in Cryptography
The First Experimental Cryptanalysis of the Data Encryption Standard
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Analysis and design of block ciphers
Analysis and design of block ciphers
Structured Design of Substitution-Permutation Encryption Networks
IEEE Transactions on Computers
Improving the Upper Bound on the Maximum Average Linear Hull Probability for Rijndael
SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
| Hi-index | 0.01 |
In this paper we present a model for the bias values associated with linear characteristics of substitution-permutation networks (SPN's). The first iteration of the model is based on our observation that for sufficiently large s-boxes, the best linear characteristic usually involves one active s-box per round. We obtain a result which allows us to compute an upper bound on the probability that linear cryptanalysis using such a characteristic is feasible, as a function of the number of rounds. We then generalize this result, upper bounding the probability that linear cryptanalysis is feasible when any linear characteristic may be used (no restriction on the number of active s-boxes). The work of this paper indicates that the basic SPN structure provides good security against linear cryptanalysis based on linear characteristics after a reasonably small number of rounds.