Differential Attacks Against SPN: A Thorough Analysis
This work aims at determining when the two-round maximum expected differential probability (MEDP) in an SPN with an MDS diffusion layer is achieved by a differential having the fewest possible active Sboxes. This question arises from the fact that minimum-weight differentials include the best differentials for the AES and several variants. However, we exhibit some SPNs for which the two-round MEDP is achieved by differentials involving a number of active Sboxes that exceeds the branch number of the linear layer. On the other hand, we also prove that, for some particular families of Sboxes, the two-round MEDP is always achieved by minimum-weight differentials.
On the influence of the algebraic degree of on the algebraic degree of
We present a study on the algebraic degree of iterated permutations seen as multivariate polynomials. Our main result shows that this degree depends on the algebraic degree of the inverse of the permutation which is iterated. This result is also extended to non-injective balanced vectorial functions, where the relevant quantity is the minimal degree of the inverse of a permutation expanding the function. This property has consequences in symmetric cryptography, since several attacks or distinguishers exploit a low algebraic degree, like higher-order differential attacks, cube attacks and cube testers, or algebraic attacks. Here, we present some applications of this improved bound to a higher-degree variant of the block cipher KN, to the block cipher Rijndael-256 and to the inner permutations of the hash functions ECHO and JH.
Bison: Instantiating the Whitened Swap-Or-Not Construction
We give the first practical instance, bison, of the Whitened Swap-Or-Not construction. After clarifying inherent limitations of the construction, we point out that this way of building block ciphers allows easy and very strong arguments against differential attacks.
Direct construction of quasi-involutory recursive-like MDS matrices from 2-cyclic codes
A good linear diffusion layer is a prerequisite in the design of block ciphers. Usually it is obtained by combining matrices with optimal diffusion property over the Sbox alphabet. These matrices are constructed either directly using some algebraic properties or by enumerating a search space, testing the optimal diffusion property for every element. For implementation purposes, two types of structures are considered: structures where all the rows derive from the first row, and recursive structures built from powers of companion matrices. In this paper, we propose a direct construction for new recursive-like MDS matrices. We show they are quasi-involutory in the sense that the matrix-vector product with the matrix or with its inverse can be implemented by clocking the same LFSR-like architecture. As a direct construction, its performance does not outperform the best constructions found with exhaustive search. However, as a new type of construction, it offers alternatives for MDS matrix design.