Results 1  10
of
11
SubstitutionPermutation Networks Resistant to Differential and Linear Cryptanalysis
 JOURNAL OF CRYPTOLOGY
, 1996
"... In this paper we examine a class of product ciphers referred to as substitutionpermutation networks. We investigate the resistance of these cryptographic networks to two important attacks: differential cryptanalysis and linear cryptanalysis. In particular, we develop upper bounds on the differenti ..."
Abstract

Cited by 30 (10 self)
 Add to MetaCart
(Show Context)
In this paper we examine a class of product ciphers referred to as substitutionpermutation networks. We investigate the resistance of these cryptographic networks to two important attacks: differential cryptanalysis and linear cryptanalysis. In particular, we develop upper bounds on the differential characteristic probability and on the probability of a linear approximation as a function of the number of rounds of substitutions. Further, it is shown that using large Sboxes with good diffusion characteristics and replacing the permutation between rounds by an appropriate linear transformation is effective in improving the cipher security in relation to these two attacks.
Designing SBoxes For Ciphers Resistant To Differential Cryptanalysis
 PROCEEDINGS OF THE 3RD SYMPOSIUM ON STATE AND PROGRESS OF RESEARCH IN CRYPTOGRAPHY
, 1993
"... This paper examines recent work in the area of bentfunctionbased substitution boxes in order to refine the relationship between sbox construction and immunity to the differential cryptanalysis attack described by Biham and Shamir. It is concluded that mxn sboxes, m<n, which are partially bent ..."
Abstract

Cited by 28 (1 self)
 Add to MetaCart
(Show Context)
This paper examines recent work in the area of bentfunctionbased substitution boxes in order to refine the relationship between sbox construction and immunity to the differential cryptanalysis attack described by Biham and Shamir. It is concluded that mxn sboxes, m<n, which are partially bentfunctionbased are the most appropriate choice for privatekey cryptosystems constructed as substitutionpermutation networks (SPNs). Since sboxes of this dimension and with this property have received little attention in the open literature, this paper provides a description of their construction and shows how they can be incorporated in a design procedure for a family of SPN cryptosystems with desirable cryptographic properties.
Constructing symmetric ciphers using the CAST design procedure
 DESIGNS, CODES, AND CRYPTOGRAPHY
, 1997
"... This paper describes the CAST design procedure for constructing a family of DESlike SubstitutionPermutation Network (SPN) cryptosystems which appear to have good resistance to differential cryptanalysis, linear cryptanalysis, and relatedkey cryptanalysis, along with a number of other desirable ..."
Abstract

Cited by 22 (1 self)
 Add to MetaCart
This paper describes the CAST design procedure for constructing a family of DESlike SubstitutionPermutation Network (SPN) cryptosystems which appear to have good resistance to differential cryptanalysis, linear cryptanalysis, and relatedkey cryptanalysis, along with a number of other desirable cryptographic properties. Details of the design choices in the procedure are given, including those regarding the component substitution boxes (sboxes), the overall framework, the key schedule, and the round function. An example CAST cipher, an output of this design procedure, is presented as an aid to understanding the concepts and to encourage detailed analysis by the cryptologic community.
Linear cryptanalysis of substitutionpermutation networks
, 2003
"... The subject of this thesis is linear cryptanalysis of substitutionpermutation networks (SPNs). We focus on the rigorous form of linear cryptanalysis, which requires the concept of linear hulls. First, we consider SPNs in which the sboxes are selected independently and uniformly from the set of al ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
(Show Context)
The subject of this thesis is linear cryptanalysis of substitutionpermutation networks (SPNs). We focus on the rigorous form of linear cryptanalysis, which requires the concept of linear hulls. First, we consider SPNs in which the sboxes are selected independently and uniformly from the set of all bijective n × n sboxes. We derive an expression for the expected linear probability values of such an SPN, and give evidence that this expression converges to the corresponding value for the true random cipher. This adds quantitative support to the claim that the SPN structure is a good approximation to the true random cipher. We conjecture that this convergence holds for a large class of SPNs. In addition, we derive a lower bound on the probability that an SPN with randomly selected sboxes is practically secure against linear cryptanalysis after a given number of rounds. For common block sizes, experimental evidence indicates that this probability rapidly approaches 1 with an increasing number of rounds.
A life’s work on Hadamard matrices, statistical designs, Bent functions and their application to computer and information security and telecommunications”, URL http://www.cs.uow.edu.au/people/jennie/ lifework.html
"... ..."
(Show Context)
Cryptanalysis of substitutionpermutation networks using keydependent degeneracy
 Cryptologia
, 1996
"... Abstract — This paper presents a novel cryptanalysis of SubstitutionPermutation Networks using a chosen plaintext approach. The attack is based on the highly probable occurrence of keydependent degeneracies within the network and is applicable regardless of the method of Sbox keying. It is shown ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
Abstract — This paper presents a novel cryptanalysis of SubstitutionPermutation Networks using a chosen plaintext approach. The attack is based on the highly probable occurrence of keydependent degeneracies within the network and is applicable regardless of the method of Sbox keying. It is shown that a large number of rounds are required before a network is resistant to the attack. Experimental results have found 64bit networks to be cryptanalyzable for as many as 8 to 12 rounds depending on the Sbox properties.
On the Design of Secure Block Ciphers
 Queen’s 17 th Biennial Symposium on Communications
, 1994
"... Abstract — In this paper, we examine a class of block ciphers referred to as substitutionpermutation networks or SPNs. We assert that the basic SPN architecture can be used to provide an efficient implementation of a secure block cipher if the system Sboxes are carefully selected and connected with ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract — In this paper, we examine a class of block ciphers referred to as substitutionpermutation networks or SPNs. We assert that the basic SPN architecture can be used to provide an efficient implementation of a secure block cipher if the system Sboxes are carefully selected and connected with an appropriate linear transformation. Specifically, it is shown that ¡£¢¤ ¡ Sboxes which possess good diffusion and nonlinearity properties may be effectively used as components of a secure block cipher. As well, it is demonstrated that the cipher may be strengthened by replacing the permutation of bits between Sbox rounds with a diffusive linear transformation.
Networks Using KeyDependent Degeneracy
"... aCryptanalysis of SubstitutionPermutation ..."
(Show Context)
Abst SubstitutionPermutation Networks Resistant to Differential and Linear Cryptanalysis†‡
, 1994
"... ct — In this paper we examine a class of product ciphers referred to as substitutionpermutation networks. We investigate the resistance of these cryptographic networks to two important attacks: differential cryptanalysis and linear cryptanalysis. In particular, we develop upper bounds on the differ ..."
Abstract
 Add to MetaCart
(Show Context)
ct — In this paper we examine a class of product ciphers referred to as substitutionpermutation networks. We investigate the resistance of these cryptographic networks to two important attacks: differential cryptanalysis and linear cryptanalysis. In particular, we develop upper bounds on the differential characteristic probability and on the probability of a linear approximation as a function of the number of rounds of substitutions. Further, it is shown that using large Sboxes with good diffusion characteristics and replacing the permutation between rounds by an appropriate linear transformation is effective in improving the cipher security in relation to these two attacks.