## Refined analysis of bounds related to linear and differential cryptanalysis for the AES (2005)

Venue: | Fourth Conference on the Advanced Encryption Standard - AES4, volume 3373 of LNCS |

Citations: | 6 - 1 self |

### BibTeX

@INPROCEEDINGS{Keliher05refinedanalysis,

author = {Liam Keliher},

title = {Refined analysis of bounds related to linear and differential cryptanalysis for the AES},

booktitle = {Fourth Conference on the Advanced Encryption Standard - AES4, volume 3373 of LNCS},

year = {2005},

pages = {42--57},

publisher = {Springer-Verlag}

}

### OpenURL

### Abstract

Abstract. The best upper bounds on the maximum expected linear probability (MELP) and the maximum expected differential probability (MEDP) for the AES, due to Park et al. [23], are 1.075 × 2 −106 and 1.144 × 2 −111, respectively, for T ≥ 4 rounds. These values are simply the 4 th powers of the best upper bounds on the MELP and MEDP for T = 2 [3, 23]. In our analysis we first derive nontrivial lower bounds on the 2-round MELP and MEDP, thereby trapping each value in a small interval; this demonstrates that the best 2-round upper bounds are quite good. We then prove that these same 2-round upper bounds are not tight—and therefore neither are the corresponding upper bounds for T ≥ 4. Finally, we show how a modified version of the KMT2 algorithm (or its dual, KMT2-DC), due to Keliher et al. (see [8]), can potentially improve any existing upper bound on the MELP (or MEDP) for any SPN. We use the modified version of KMT2 to improve the upper bound on the AES MELP to 1.778 × 2 −107, for T ≥ 8.