Results 1-10 of 17
Substitution-Permutation Networks Resistant to Differential and Linear Cryptanalysis
JOURNAL OF CRYPTOLOGY, 1996
Cited by 29 (10 self)
Abstract
In this paper we examine a class of product ciphers referred to as substitution-permutation networks. We investigate the resistance of these cryptographic networks to two important attacks: differential cryptanalysis and linear cryptanalysis. In particular, we develop upper bounds on the differential characteristic probability and on the probability of a linear approximation as a function of the number of rounds of substitutions. Further, it is shown that using large S-boxes with good diffusion characteristics and replacing the permutation between rounds by an appropriate linear transformation is effective in improving the cipher security in relation to these two attacks.
The Use of Bent Sequences to Achieve Higher-Order Strict Avalanche Criterion in S-Box Design
1990
Cited by 18 (3 self)
Abstract
Recently, Pieprzyk and Finkelstein described a construction procedure for the substitution boxes (S-boxes) of Substitution-Permutation Network cryptosystems which yielded S-boxes of high nonlinearity. Shortly afterward, in seemingly unrelated work, Yarlagadda and Hershey discussed the analysis and synthesis of binary bent sequences of length 4^k, for k a positive integer. In this paper, we report on work which not only extends the results of both of these papers, but also combines them through the concept of "higher orders" of the Strict Avalanche Criterion for Boolean functions. We discuss the implications for S-box design and the use of such S-boxes in the construction of DES-like cryptosystems.
The authors are with the Department of Electrical Engineering, Queen's University at Kingston, Ontario, K7L 3N6.
Recent Developments in the Design of Conventional Cryptographic Algorithms
Computer Security and Industrial Cryptography: State of the Art and Evolution, LNCS, 1998
Cited by 10 (2 self)
Abstract
This paper examines proposals for three cryptographic primitives: block ciphers, stream ciphers, and hash functions. It provides an overview of the design principles of a large number of recent proposals, which includes the global structure, the number of rounds, the way of introducing nonlinearity and diffusion, and the key schedule. The software performance of about twenty primitives is compared based on highly optimized implementations for the Pentium. The goal of the paper is to provide a technical perspective on the wide variety of primitives that exist today.
Imprimitive permutation groups and trapdoors in iterated block ciphers
6th International Workshop, FSE’99, 1999
Cited by 8 (0 self)
Abstract
An iterated block cipher can be regarded as a means of producing a set of permutations of a message space. Some properties of the group generated by the round functions of such a cipher are known to be of cryptanalytic interest. It is shown here that if this group acts imprimitively on the message space then there is an exploitable weakness in the cipher. It is demonstrated that a weakness of this type can be used to construct a trapdoor that may be difficult to detect. An example of a DES-like cipher, resistant to both linear and differential cryptanalysis, that generates an imprimitive group and is easily broken, is given. Some implications for block cipher design are noted.
Maximum Correlation Analysis of Nonlinear S-boxes in Stream Ciphers
LNCS 1880, Crypto’2000, 2000
Cited by 8 (0 self)
Abstract
This paper investigates the design of S-boxes used for combining linear feedback shift register (LFSR) sequences in combination generators. Such combination generators have higher throughput than those using Boolean functions as the combining functions. However, S-boxes tend to leak more information about the LFSR sequences than Boolean functions. To study the information leakage, the notion of maximum correlation is introduced, which is based on the correlation between linear functions of the input and all the Boolean functions (linear and nonlinear) of the output of an S-box. Using the Walsh transform, a spectral characterization of the maximum correlation coefficients, together with their upper and lower bounds, is established. For the perfect nonlinear S-boxes designed for block ciphers, an upper bound on the maximum correlation coefficients is presented.
On Cryptographic Properties of Random Boolean Functions
Electronic Journal of Universal Computer Science, 1998
Cited by 7 (0 self)
Abstract
Boolean functions used in cryptographic applications have to satisfy various cryptographic criteria. Although the choice of the criteria depends on the cryptosystem in which they are used, there are some properties (balancedness, nonlinearity, high algebraic degree, correlation immunity, propagation criteria) which a cryptographically strong Boolean function ought to have. We study the above-mentioned properties in the set of all Boolean functions (all balanced Boolean functions) and prove that almost every Boolean function (almost every balanced Boolean function) satisfies all the above-mentioned criteria on levels very close to optimal and therefore can be considered to be cryptographically strong.
An analysis of a class of algorithms for S-box construction
Cited by 4 (0 self)
Abstract
We analyze a very general class of algorithms for constructing m-bit invertible S-boxes called bit-by-bit methods. The method builds an S-box one entry at a time, and has been proposed by Adams and Tavares [2], and Forré [11] to construct S-boxes that satisfy certain cryptographic properties such as nonlinearity and the strict avalanche criterion. We will prove, both theoretically and empirically, that the bit-by-bit method is infeasible for m ? 6. Keywords: Product ciphers, S-boxes, permutations.
The author is currently employed by the Distributed System Technology Center (DSTC) Brisbane, Australia. Correspondence should be sent to DSTC, Level 12, ITE Building, QUT, Gardens Point, 2 George Street, GPO Box 2434, Brisbane Q 4001, Australia; email oconnor@dstc.edu.au.
A Study on the Construction and Analysis of Substitution Boxes for Symmetric Cryptosystems
1990
Cited by 3 (1 self)
Abstract
S(ubstitution)-boxes are quite important components of modern symmetric cryptosystems (in particular, block ciphers) in the sense that S-boxes bring nonlinearity to block ciphers and strengthen their cryptographic security. An S-box is said to satisfy the strict avalanche criterion (SAC) if and only if, for any single input bit of the S-box, inverting it changes each output bit with probability one half. In this thesis, with a concrete proof of the cryptographic properties of S-boxes satisfying the SAC, we propose a variety of provable construction methods for S-boxes satisfying the SAC. For Boolean S-boxes satisfying the SAC, we can construct and enlarge them by using concatenation, Kronecker (or direct) product, and dyadic shift. For bijective S-boxes satisfying the SAC, when an n-bit input Boolean function and an n-bit input bijective function satisfying the SAC are given, the combined function is proved to become an (n+1)-bit bijective function satisfying the SAC as well. A...
The Inclusion-Exclusion Principle and its Applications to Cryptography
1995
Cited by 1 (0 self)
Abstract
The inclusion-exclusion principle is a combinatorial method for determining the cardinality of a set where each element X ∈ U satisfies a list of properties u_1, u_2, ..., u_n. In this paper we will display the usefulness of the inclusion-exclusion principle by solving 8 problems of interest to cryptography. These problems will concentrate on the enumeration of Boolean functions and permutations that have properties which are considered to be necessary for a cryptographic mapping to be secure. In particular we will be concerned with the properties of nonlinearity and nondegeneracy, as these properties correspond to Shannon's notions of confusion and diffusion, respectively. Keywords: probability, enumeration, inclusion-exclusion principle, Boolean functions, permutations.