Results 1 
7 of
7
On The Design Of SBoxes
, 1986
"... each of which contains n bits, or avalanche variables. If this procedure is repeated for all i such that 1 < i < m, and one half of the avalanche variables are equal to 1 for each i, then the function f has good avalanche effect. Of course this method can be pursued only if m is fairly small; other ..."
Abstract

Cited by 108 (8 self)
 Add to MetaCart
each of which contains n bits, or avalanche variables. If this procedure is repeated for all i such that 1 < i < m, and one half of the avalanche variables are equal to 1 for each i, then the function f has good avalanche effect. Of course this method can be pursued only if m is fairly small; otherwise, the number of plaintext vectors becomes too large. If that is the case then the best that can be done is to take a random sample of plaintext vectors X, and for each value of i calculate all the avalanche vectors V i . If approximately one half the resulting avalanche variables are equal to 1 for all values of i, then we can conclude that the function has a good avalanche effect. THE STRICT AVALANCHE CRITERION AND THE INDEPENBENCE OF AVALANCHE VARIABLES The concepts of completeness and the avalanche effect can be combined to define a new prope
On the Design of Permutation P in DES Type Cryptosystems
 Advances in Cryptology: Proceedings of EUROCRYPT ’89
, 1990
"... This paper reviews some possible design criteria for the permutation P in a DES style cryptosystem. These permutations provide the diffusion component in a substitutionpermutation network. Some empirical rules which seem to account for the derivation of the permutation used in the DES are first pre ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
This paper reviews some possible design criteria for the permutation P in a DES style cryptosystem. These permutations provide the diffusion component in a substitutionpermutation network. Some empirical rules which seem to account for the derivation of the permutation used in the DES are first presented. Then it is noted that these permutations may be regarded as latinsquares which link the outputs of Sboxes to their inputs at the next stage. A subset of these with an extremely regular structure, and which perform well in a dependency analysis are then presented and suggested for use in future schemes of both current and extended versions of the DES. 1.
Nondegenerate Functions and Permutations
"... One of the basic design criteria for a block encryption function is to ensure that for each fixed key, each ciphertext bit depends nonlinearly on each plaintext bit. When the ciphertext is represented using boolean equations depending on the key and plaintext, these equations should then be nondegen ..."
Abstract
 Add to MetaCart
One of the basic design criteria for a block encryption function is to ensure that for each fixed key, each ciphertext bit depends nonlinearly on each plaintext bit. When the ciphertext is represented using boolean equations depending on the key and plaintext, these equations should then be nondegenerate so that it is possible that each bit of the key and plaintext can influence each ciphertext bit. We prove that nondegeneracy in a boolean function can be verified in linear time on average. We study higher order nondegeneracy and prove that for balanced nbit functions, on average, at least n \Gamma dlog ne \Gamma 2 input bits must be held constant before a degenerate subfunction is induced. We also prove that the fraction of nbit permutations within the symmetric group that are realized by nondegenerate boolean functions tends to one as n increases. Letting N n;n be the set of nondegenerate permutations, we formally prove that 1 \Gamma L n ! jN n;n j 2 n ! ! 1 \Gamma L n + ...
On the Construction of Block Ciphers Provably Secure and Not Relying on Any Unproved Hypotheses
, 1989
"... ) Yuliang Zheng Tsutomu Matsumoto Hideki Imai Division of Electrical and Computer Engineering Yokohama National University 156 Tokiwadai, Hodogaya, Yokohama, 240 Japan August 1989 Abstract One of the ultimate goals of cryptography researchers is to construct a (secretekey) block cipher which has ..."
Abstract
 Add to MetaCart
) Yuliang Zheng Tsutomu Matsumoto Hideki Imai Division of Electrical and Computer Engineering Yokohama National University 156 Tokiwadai, Hodogaya, Yokohama, 240 Japan August 1989 Abstract One of the ultimate goals of cryptography researchers is to construct a (secretekey) block cipher which has the following ideal properties: (1) The cipher is provably secure, (2) Security of the cipher does not depend on any unproved hypotheses, (3) The cipher can be easily implemented with current technology, and (4) All design criteria for the cipher are made public. It is currently unclear whether or not there really exists such an ideal block cipher. So to meet the requirements of practical applications, the best thing we can do is to construct a block cipher such that it approximates the ideal one as closely as possible. In this paper, we make a significant step in this direction. In particular, we construct several block ciphers each of which has the above mentioned properties (2), (3) and (...
Designing Product Ciphers using Markov Chains
"... In this paper we consider the design of product ciphers based on Markov chains. We examine two particular chains which are related to the differential and linear cryptanalysis attacks. Both of these chains approach the uniform distribution which indicates that appropriately designed ciphers are secu ..."
Abstract
 Add to MetaCart
In this paper we consider the design of product ciphers based on Markov chains. We examine two particular chains which are related to the differential and linear cryptanalysis attacks. Both of these chains approach the uniform distribution which indicates that appropriately designed ciphers are secure against these attacks. The maximum deviation from the uniform distribution can be used as guide for the number of rounds the cipher should iterate. 1 Introduction Horst Feistel 1 has made the observation that `all cryptography amounts to substitution'. A substitution S is simply a mapping that replaces one character sequence P , called a plaintext, by another character sequence C, called a ciphertext. The class of algorithms for substitutions we will examine in this paper are known as product ciphers [8, 9, 22]. This term was originally introduced by Shannon [22] who envisaged secure ciphers based on the successive iteration of two or more noncommutative operations. The idea is that pr...
Cryptanalysis Of Des With A Reduced Number Of Rounds
 Advances in Cryptology, CRYPTO 85
, 1986
"... this paper, we use a slightly modified version of DES in which IP,IP  ],PC1 are not used and E,P are com bined to one table EP (cf. Davio et al [83], pp. 184185). Thus the following mappings are used in our version of DES: EP::232:248: EPx is formed from x as follows: first y=Px is formed by p ..."
Abstract
 Add to MetaCart
this paper, we use a slightly modified version of DES in which IP,IP  ],PC1 are not used and E,P are com bined to one table EP (cf. Davio et al [83], pp. 184185). Thus the following mappings are used in our version of DES: EP::232:248: EPx is formed from x as follows: first y=Px is formed by permuting the 32 bits of x; then EPx=Ey is formed by taking 16 of the 32 bits of y once and the other 16 twice; . 6 4 Sj.I:2>: 2 (.]' = I, ,8): the mappings defined by the Sboxes; S:F24S>:232:S(x)=(S]x, ' '  ,S8x8) for x=(xl, ' ,x8) with L.r56 ,48 (i = 1,  16): LikPC2(Cr(i)kl,Cr(i)k2) for k=0q,k2) with kl,k 2 :228. Here t.r 2 >1" 2 , Cx is formed from x by applying a cyclic left shift to the bits of x, r(i) is an integer determined by the shift pattern in the NBSdescription of the keyscheduling and PC2(x,y) is formed from x,y by selecting 24 bits from x, selecting 24 bits from y and permuting the selected 48 bits in some order
Tsutomu Matsumoto
, 1989
"... Abstract One of the ultimate goals of cryptography researchers is to construct a (secretekey) block cipher which has the following ideal properties: (1) The cipher is provably secure, (2) Security of the cipher does not depend on any unproved hypotheses, (3) The cipher can be easily implemented wit ..."
Abstract
 Add to MetaCart
Abstract One of the ultimate goals of cryptography researchers is to construct a (secretekey) block cipher which has the following ideal properties: (1) The cipher is provably secure, (2) Security of the cipher does not depend on any unproved hypotheses, (3) The cipher can be easily implemented with current technology, and (4) All design criteria for the cipher are made public. It is currently unclear whether or not there really exists such an ideal block cipher. So to meet the requirements of practical applications, the best thing we can do is to construct a block cipher such that it approximates the ideal one as closely as possible. In this paper, we make a significant step in this direction. In particular, we construct several block ciphers each of which has the above mentioned properties (2), (3) and (4) as well as the following one: (1′) Security of the cipher is supported by convincing evidence. Our construction builds upon profound mathematical bases for information security recently established in a series of excellent papers. 1. Motivations and Summary of Results Data Encryption Standard (DES) designed by IBM about fifteen years ago