Counting Active S-Boxes is not Enough

Communication theory of secrecy systems

Abstract: THE problems of cryptography and secrecy systems furnish an interesting application of communication theory.1 In this paper a theory of secrecy systems is developed. The approach is on a theoretical level and is intended to complement the treatment found in standard works on cryptography.2 There, a detailed study is made of the many standard types of codes and ciphers, and of the ways of breaking them. We will be more concerned with the general mathematical structure and properties of secrecy systems.

PRESENT: An Ultra-Lightweight Block Cipher

Abstract: With the establishment of the AES the need for new block ciphers has been greatly diminished; for almost all block cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such as RFID tags and sensor networks. In this paper we describe an ultra-lightweight block cipher, present . Both security and hardware efficiency have been equally important during the design of the cipher and at 1570 GE, the hardware requirements for present are competitive with today's leading compact stream ciphers.

Differential Cryptanalysis of the Data Encryption Standard

Abstract: DES, the Data Encryption Standard, is one of several cryptographic standards. The authors of this text detail their cryptanalytic "attack" upon DES and several other systems, using creative and novel tactics to demonstrate how they broke DES up into 16 rounds of coding. The methodology used offers valuable insights to cryptographers and cryptanalysts alike in creating new encryption standards, strengthening current ones, and exploring new ways to test important data protection schemes. This book introduces a new cryptographic method, called differential cryptanalysis, which can be applied to analyze cryptosystems. It describes the cryptanalysis of DES, deals with the influence of its building blocks on security, and analyzes modified variants. The differential cryptanalysis of "Feal" and several other cryptosystems is also described. This method can also be used to cryptanalyze hash functions, as is exemplified by the cryptanalysis of "Snefru".

On the Design of S-Boxes

Abstract: The ideas of completeness and the avalanche effect were first introduced by Kam and Davida [1] and Feistel [2], respectively. If a cryptographic transformation is complete, then each ciphertext bit must depend on all of the plaintext bits. Thus, if it were possible to find the simplest Boolean expression for each ciphertext bit in terms of the plaintext bits, each of those expressions would have to contain all of the plaintext bits if the function was complete. Alternatively, if there is at least one pair of n-bit plaintext vectors X and Xi that differ only in bit i, and f(X) and f(Xi) differ at least in bit j for all $$ \{ (i,j)|1 \leqslant i,j \leqslant n\}$$ then the function f must be complete.

Truncated and higher order differentials

Abstract: In [6] higher order derivatives of discrete functions were considered and the concept of higher order differentials was introduced. We introduce the concept of truncated differentials and present attacks on ciphers presumably secure against differential attacks, but vulnerable to attacks using higher order and truncated differentials. Also we give a differential attack using truncated differentials on DES reduced to 6 rounds using only 46 chosen plaintexts with an expected running time of about the time of 3,500 encryptions. Finally it is shown how to find a minimum nonlinear order of a block cipher using higher order differentials.