# Perfect involutory diffusion layers based on invertibility of some linear functions

TL;DR: A construction is proposed for a 4-4 linear diffusion layer that can intermix four words of arbitrary size with branch number 5 and extended for 8-8 diffusion layer using low-cost linear functions to show the efficiency of the proposed diffusion layer.

Abstract: One of the most important structures used in modern block ciphers is the substitution-permutation network (SPN) structure. Many block ciphers with this structure widely use Maximun Distance Separable (MDS) matrices over finite fields as their diffusion layers, for example, advanced encryption standard (AES) uses a 4-4 MDS matrix as the main part of its diffusion layer and the block cipher Khazad has an involutory 8-8 matrix. In this study, first a construction is proposed for a 4-4 linear diffusion layer that can intermix four words of arbitrary size with branch number 5. Then extend this idea for 8-8 diffusion layer using low-cost linear functions. In this construction, first, certain binary linear combinations of inputs are fed into two or three different invertible linear functions and then combined using XOR operation. In order to show the efficiency of the proposed diffusion layer, the authors exploit it in a nested SPN structure and compare its efficiency with some well-known diffusion layers such as the diffusion layer of Hierocrypt.

##### Citations

More filters

••

19 Mar 2012

TL;DR: This paper proposes a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear, and investigates the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer.

Abstract: Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers In this paper, we propose a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear We investigate the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer The proposed diffusion layers only require word-level XORs, rotations, and they have simple inverses They can be replaced in the diffusion layer of the block ciphers MMB and Hierocrypt to increase their security and performance, respectively Finally, we try to extend our results for up to 8×8 words diffusion layers

76 citations

### Cites methods from "Perfect involutory diffusion layers..."

...Moreover, in the nested SPN structure of Hierocrypt, we replaced the MDS matrix of AES in GF(232) (because inputs of MDSH are 4 32-bit words) with irreducible polynomial x32+x7+x5+ x3 +x2 +x+1 [13] instead of the binary matrix MDSH....

[...]

...As an extension, we can use Lemma 3 of [13]....

[...]

••

TL;DR: This paper proposes a very efficient new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear, and investigates the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer.

Abstract: Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers. In this paper, we propose a very efficient new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear. We investigate the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer, which is an indication of the highest level of security with respect to linear and differential attacks. We try to extend our results for up to 8×8 words diffusion layers. The proposed diffusion layers only require simple operations such as word-level XORs, rotations, and they have simple inverses. They can replace the diffusion layer of several block ciphers and hash functions in the literature to increase their security, and performance. Furthermore, it can be deployed in the design of new efficient lightweight block ciphers and hash functions in future.

12 citations

### Cites methods from "Perfect involutory diffusion layers..."

...As an extension, we can use Lemma 3 of [10]....

[...]

...But since MDS code of AES is over GF(28) and the inputs of MDSH are four 32-bit words, we modified the corresponding irreducible polynomial in AES and replaced it with x32 + x7 + x5 + x3 + x2 + x + 1 [10] to work over GF(232), which would still remain MDS....

[...]

##### References

More filters

•

14 Feb 2002

TL;DR: The underlying mathematics and the wide trail strategy as the basic design idea are explained in detail and the basics of differential and linear cryptanalysis are reworked.

Abstract: 1. The Advanced Encryption Standard Process.- 2. Preliminaries.- 3. Specification of Rijndael.- 4. Implementation Aspects.- 5. Design Philosophy.- 6. The Data Encryption Standard.- 7. Correlation Matrices.- 8. Difference Propagation.- 9. The Wide Trail Strategy.- 10. Cryptanalysis.- 11. Related Block Ciphers.- Appendices.- A. Propagation Analysis in Galois Fields.- A.1.1 Difference Propagation.- A.l.2 Correlation.- A. 1.4 Functions that are Linear over GF(2).- A.2.1 Difference Propagation.- A.2.2 Correlation.- A.2.4 Functions that are Linear over GF(2).- A.3.3 Dual Bases.- A.4.2 Relationship Between Trace Patterns and Selection Patterns.- A.4.4 Illustration.- A.5 Rijndael-GF.- B. Trail Clustering.- B.1 Transformations with Maximum Branch Number.- B.2 Bounds for Two Rounds.- B.2.1 Difference Propagation.- B.2.2 Correlation.- B.3 Bounds for Four Rounds.- B.4 Two Case Studies.- B.4.1 Differential Trails.- B.4.2 Linear Trails.- C. Substitution Tables.- C.1 SRD.- C.2 Other Tables.- C.2.1 xtime.- C.2.2 Round Constants.- D. Test Vectors.- D.1 KeyExpansion.- D.2 Rijndael(128,128).- D.3 Other Block Lengths and Key Lengths.- E. Reference Code.

3,444 citations

••

01 Jan 2002

TL;DR: This volume is the authoritative guide to the Rijndael algorithm and AES and professionals, researchers, and students active or interested in data encryption will find it a valuable source of information and reference.

Abstract: From the Publisher:
In October 2000, the US National Institute of Standards and Technology selected the block cipher Rijndael as the Advanced Encryption Standard (AES). AES is expected to gradually replace the present Data Encryption Standard (DES) as the most widely applied data encryption technology.|This book by the designers of the block cipher presents Rijndael from scratch. The underlying mathematics and the wide trail strategy as the basic design idea are explained in detail and the basics of differential and linear cryptanalysis are reworked. Subsequent chapters review all known attacks against the Rijndael structure and deal with implementation and optimization issues. Finally, other ciphers related to Rijndael are presented.|This volume is THE authoritative guide to the Rijndael algorithm and AES. Professionals, researchers, and students active or interested in data encryption will find it a valuable source of information and reference.

2,140 citations

•

01 Jan 1993TL;DR: This book introduces a new cryptographic method, called differential cryptanalysis, which can be applied to analyze cryptosystems, and describes the cryptanalysis of DES, deals with the influence of its building blocks on security, and analyzes modified variants.

Abstract: DES, the Data Encryption Standard, is one of several cryptographic standards. The authors of this text detail their cryptanalytic "attack" upon DES and several other systems, using creative and novel tactics to demonstrate how they broke DES up into 16 rounds of coding. The methodology used offers valuable insights to cryptographers and cryptanalysts alike in creating new encryption standards, strengthening current ones, and exploring new ways to test important data protection schemes. This book introduces a new cryptographic method, called differential cryptanalysis, which can be applied to analyze cryptosystems. It describes the cryptanalysis of DES, deals with the influence of its building blocks on security, and analyzes modified variants. The differential cryptanalysis of "Feal" and several other cryptosystems is also described. This method can also be used to cryptanalyze hash functions, as is exemplified by the cryptanalysis of "Snefru".

1,009 citations

•

TL;DR: This paper proposes a new, large diffusion layer for the AES block cipher that replaces the ShiftRows and MixColumns operations by a new involutory matrix in every round, using the Cauchy matrix construction instead of circulant matrices such as in the AES.

Abstract: This paper proposes a new, large diffusion layer for the AES block cipher. This new layer replaces the ShiftRows and MixColumns operations by a new involutory matrix in every round. The objective is to provide complete diffusion in a single round, thus sharply improving the overall cipher security. Moreover, the new matrix elements have low Hamming-weight in order to provide equally good performance for both the encryption and decryption operations. We use the Cauchy matrix construction instead of circulant matrices such as in the AES. The reason is that circulant matrices cannot be simultaneously MDS and involutory.

56 citations