8 research outputs found

    Lai-Massey Scheme Revisited

    The Lai-Massey scheme is a well-known block cipher structure which has been used in the design of the ciphers PES, IDEA, WIDEA, FOX and MESH. Recently, the lightweight block cipher FLY applied this structure in the construction of a lightweight 8×8 S-box from 4×4 ones. In the current paper, we first investigate the linear, differential and algebraic properties of the general form of S-boxes used in FLY, mathematically. Then, based on this study, a new cipher structure is proposed which we call the generalized Lai-Massey scheme or GLM. We give upper bounds for the maximum average differential probability (MADP) and maximum average linear hull (MALH) of GLM and, after examination of impossible differentials and zero-correlations of one round of this structure, we show that two rounds of GLM do not have any structural impossible differentials or zero-correlations. As a measure of structural security, we prove the pseudo-randomness of GLM by the H-coefficient method.

    Statistical Properties of the Square Map Modulo a Power of Two

    The square map is one of the functions that is used in cryptography. For instance, the square map is used in the Rabin encryption scheme, the block cipher RC6 and the stream cipher Rabbit, in different forms. In this paper we study a special case of the square map, namely the square function modulo a power of two. We obtain the probability distribution of the output of this map as a vectorial Boolean function. We find the probability distribution of the component Boolean functions of this map. We present the joint probability distribution of the component Boolean functions of this function. We introduce a new function which is similar to the function that is used in the Rabbit cipher and we compute the probability distribution of the component Boolean functions of this new map.

    Construction of New Families of MDS Diffusion Layers

    Diffusion layers are crucial components of symmetric ciphers. These components, along with suitable S-boxes, can make symmetric ciphers resistant against statistical attacks like linear and differential cryptanalysis. Conventional MDS diffusion layers, which are defined as matrices over finite fields, have been used in symmetric ciphers such as AES, Twofish and SNOW. In this paper, we study linear, linearized and nonlinear MDS diffusion layers. We investigate linearized diffusion layers, which are a generalization of conventional diffusion layers; these diffusion layers are used in symmetric ciphers like SMS4, Loiss and ZUC. We introduce some new families of linearized MDS diffusion layers and, as a consequence, we present a method for the construction of randomized linear diffusion layers over a finite field. Nonlinear MDS diffusion layers are introduced in Klimov's thesis; we investigate nonlinear MDS diffusion layers theoretically, and we present a new family of nonlinear MDS diffusion layers. We show that these nonlinear diffusion layers can be made randomized with a low implementation cost. An important fact about linearized and nonlinear diffusion layers is that they are more resistant against algebraic attacks in comparison to conventional diffusion layers. A special case of diffusion layers are (0,1)-diffusion layers. This type of diffusion layer is used in symmetric ciphers like ARIA. We examine (0,1)-diffusion layers and prove a theorem about them. At last, we study the linearized MDS diffusion layers of the symmetric ciphers Loiss, SMS4 and ZUC from the mathematical viewpoint.

    Cryptographic Properties of Addition Modulo 2^n

    The operation of modular addition modulo a power of two is one of the most applied operations in symmetric cryptography. For example, modular addition is used in the RC6, MARS and Twofish block ciphers and the RC4, Bluetooth and Rabbit stream ciphers. In this paper, we study statistical and algebraic properties of modular addition modulo a power of two. We obtain the probability distribution of modular addition carry bits along with the conditional probability distribution of these carry bits. Using these probability distributions and the Markovity of modular addition carry bits, we compute the joint probability distribution of an arbitrary number of modular addition carry bits. Then, we examine algebraic properties of modular addition with a constant and obtain the number of terms as well as the algebraic degrees of the component Boolean functions of modular addition with a constant. Finally, we present another formula for the ANF of the component Boolean functions of modular addition modulo a power of two. This formula contains more information than the representations presented in the cryptographic literature up to now.

    Efficient MDS Diffusion Layers Through Decomposition of Matrices

    Diffusion layers are critical components of symmetric ciphers. MDS matrices are diffusion layers of maximal branch number which have been used in various symmetric ciphers. In this article, we examine the decomposition of cyclic matrices from a mathematical viewpoint and, based on that, we present new cyclic MDS matrices. From the aspect of implementation, the proposed matrices have lower implementation costs both in software and hardware, compared to what is presented in the cryptographic literature, to our knowledge.

    On Cryptographic Applications of Matrices Acting on Finite Commutative Groups and Rings

    Abstract: In this paper, we investigate matrices acting on finite commutative groups and rings. In fact, we study modules on ring of matrices ove

    Statistical properties of the square map

    Abstract: The square map is one of the functions used in cryptography. For instance, the square map is used in the Rabin encryption scheme, the block cipher RC6 and the stream cipher Rabbit, in different forms. In this paper, we study statistical properties of the output of the square map as a vectorial Boolean function. We obtain the joint probability distribution of an arbitrary number of the upper and the lower bits of the output of the square map along with the asymptotic probability distribution of the upper bits of its output. Based upon a measure for evaluating the imbalance of maps, we study the imbalance of the limit distribution of the restriction of the square map to its upper bits. Last, we introduce the square root map and examine this map as a vectorial Boolean function; we compute the probability distribution of the component Boolean functions of this new map and also obtain the imbalance of the square root map.