Book ChapterDOI
Counting Active S-Boxes is not Enough
Orr Dunkelman,Abhishek Kumar,Eran Lambooij,Somitra Kumar Sanadhya +3 more
- pp 332-344
TLDR
The wide trail strategy as discussed by the authors suggests to ensure that the number of active S-boxes in a differential characteristic or a linear approximation is sufficiently high, thus, offering security against differential and linear attacks.Abstract:
Inspired by the works of Nyberg and Knudsen, the wide trail strategy suggests to ensure that the number of active S-boxes in a differential characteristic or a linear approximation is sufficiently high, thus, offering security against differential and linear attacks. Many cipher designers are relying on this strategy, and most new designs include analysis based on counting the number of active S-boxes.read more
References
More filters
Book ChapterDOI
MILP-Based Automatic Search Algorithms for Differential and Linear Trails for Speck
TL;DR: This paper proposes an MILP-based method for automatic search for differential characteristics and linear approximations in ARX ciphers and presents a method to describe the differential characteristic and linear approximation with linear inequalities under the assumptions of independent inputs to the modular addition and independent rounds.
Book ChapterDOI
Improving the upper bound on the maximum differential and the maximum linear hull probability for SPN structures and AES
TL;DR: On application to AES, it is obtained that the maximum differential probability and the maximum linear hull probability for 4 rounds of AES are bounded by 1.144 × 2− 111 and 1.075 ×2− 106, respectively.
Book ChapterDOI
Multidimensional Linear Cryptanalysis of Reduced Round Serpent
TL;DR: A new truly multidimensional approach to generalise Matsui's Algorithm 1.0 is presented and it is shown that the multiddimensional approach is more effective in recovering key bits correctly than the previous methods that use a multiple of one-dimensional linear approximations.
Book ChapterDOI
Practical Security Evaluation against Differential and Linear Cryptanalyses for Feistel Ciphers with SPN Round Function
TL;DR: The necessary condition for desirable P-functions is investigated, which means that the round functions are invulnerable to both differential and linear cryptanalyses.
Journal ArticleDOI
Exact maximum expected differential and linear probability for two-round Advanced Encryption Standard
Liam Keliher,Jiayuan Sui +1 more
TL;DR: An algorithm that computes the exact MEDP and MELP for the two-round Advanced Encryption Standard (AES) is presented, and the computational results of the algor- ithm are provided.