Results 1 
4 of
4
Refined analysis of bounds related to linear and differential cryptanalysis for the AES
 Fourth Conference on the Advanced Encryption Standard  AES4, volume 3373 of LNCS
, 2005
"... Abstract. The best upper bounds on the maximum expected linear probability (MELP) and the maximum expected differential probability (MEDP) for the AES, due to Park et al. [23], are 1.075 × 2 −106 and 1.144 × 2 −111, respectively, for T ≥ 4 rounds. These values are simply the 4 th powers of the best ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
Abstract. The best upper bounds on the maximum expected linear probability (MELP) and the maximum expected differential probability (MEDP) for the AES, due to Park et al. [23], are 1.075 × 2 −106 and 1.144 × 2 −111, respectively, for T ≥ 4 rounds. These values are simply the 4 th powers of the best upper bounds on the MELP and MEDP for T = 2 [3, 23]. In our analysis we first derive nontrivial lower bounds on the 2round MELP and MEDP, thereby trapping each value in a small interval; this demonstrates that the best 2round upper bounds are quite good. We then prove that these same 2round upper bounds are not tight—and therefore neither are the corresponding upper bounds for T ≥ 4. Finally, we show how a modified version of the KMT2 algorithm (or its dual, KMT2DC), due to Keliher et al. (see [8]), can potentially improve any existing upper bound on the MELP (or MEDP) for any SPN. We use the modified version of KMT2 to improve the upper bound on the AES MELP to 1.778 × 2 −107, for T ≥ 8.
Completion of computation of improved upper bound on the maximum average linear hull probability for Rijndael
 Technical Report, IACR ePrint Archive (http://eprint.iacr.org, Paper # 2004/074
"... Abstract. This report presents the results from the completed computation of an algorithm introduced by the authors in [11] for evaluating the provable security of the AES (Rijndael) against linear cryptanalysis. This algorithm, later named KMT2, can in fact be applied to any SPN [8]. Preliminary re ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Abstract. This report presents the results from the completed computation of an algorithm introduced by the authors in [11] for evaluating the provable security of the AES (Rijndael) against linear cryptanalysis. This algorithm, later named KMT2, can in fact be applied to any SPN [8]. Preliminary results in [11] were based on 43 % of total computation, estimated at 200,000 hours on our benchmark machine at the time, a Sun Ultra 5. After some delay, we obtained access to the necessary computational resources, and were able to run the algorithm to completion. In addition to the above, this report presents the results from the dual version of our algorithm (KMT2DC) as applied to the AES.
Toward Provable Security Against Differential and Linear Cryptanalysis for Camellia and Related Ciphers
, 2007
"... We present a new algorithm that evaluates provable security against differential and linear cryptanalysis for Feistel ciphers with invertible substitutiondiffusion (SD)based round functions. This algorithm computes an upper bound on the maximum expected differential or linear probability (MEDP or ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
We present a new algorithm that evaluates provable security against differential and linear cryptanalysis for Feistel ciphers with invertible substitutiondiffusion (SD)based round functions. This algorithm computes an upper bound on the maximum expected differential or linear probability (MEDP or MELP) based on the number of rounds. We then apply our algorithm to Camellia (minus FL/FL −1). Previously, the best upper bounds for Camellia were 2 −12 (both MEDP and MELP) for 3+ rounds. Our algorithm improves these bounds to 1.065 × 2 −28 (MEDP) and 1.161 × 2 −27 (MELP) for 6+ rounds. This is a first step toward establishing the provable security of Camellia and related ciphers against differential and linear cryptanalysis.
DIFFERENTIAL CRYPTANALYSIS FOR A 3ROUND SPN
"... SPNs (Substitution Permutation Networks) are one of the important architectures used for designing block ciphers. In our study, we applied differential cryptanalysis method for a 3round SPN. We have used a 16bit input as plaintext and 16bit output as ciphertext and chosen the first row of the thi ..."
Abstract
 Add to MetaCart
SPNs (Substitution Permutation Networks) are one of the important architectures used for designing block ciphers. In our study, we applied differential cryptanalysis method for a 3round SPN. We have used a 16bit input as plaintext and 16bit output as ciphertext and chosen the first row of the third Sbox of DES (Data Encryption Standard) for the necessary Sbox and ShiftRows transformation which is used to permute bytes in AES (Advanced Encryption Standard) for permutation of bits for our SPN. As a result, we have obtained 12bit key of 16bit key from the last round of the cipher using differential cryptanalysis method. I.