On MARS’s s-boxes Strength against Linear Cryptanalysis
MARS’s s-boxes were generated using a new algorithm developed by the IBM team, which was supposedly able of producing secure s-boxes against both differential and linear cryptanalysis. In this paper we show this is not the case, because their strength against linear cryptanalysis is not better (in fact, it seems to be worse) that what could be expected if generated randomly.
Unable to display preview. Download preview PDF.
- 1.Burwick, C., Coppersmith, D., D’Avignon, E., Gennaro, R., Halevi, S., Jutla, C., Matyas, S., O’ Connor, L., Peyravian, M., Safford, D., Zunic, N.: MARS-a candidate cipher for AES. Proceedings of the First AES Conference (1999). Revised September 22, 1999Google Scholar
- 2.Burnett, L., Carter, G., Dawson, E., Millan, W.: Efficient Methods for generating MARS like S-boxes. Proceedings of the Fast Software Encryption 2000 (FSE’2000Google Scholar
- 3.Robshaw, M., Yin, Y.L.: Potential flaws in the conjectured resistance of MARS to linear cryptanalysis: Proceedings of the 3rd AES ConferenceGoogle Scholar
- 4.Knudsen, L., Raddum, H.: Linear Approximation to the MARS S-box. NESSIE Deliverable, April 2000Google Scholar
- 5.Aoki, K.: The Complete Distribution of Linear Probabilites of MARS’s s-box. Cryptology e-print no 33, June 30, 2000Google Scholar
- 6.Millan, W., Clark, A., Dawson, E.: Boolean Function Desing using Hill-Climbing Methods. Proceedings of the Symposium on Applied Cryptography (SAC’97). LNCS 1587Google Scholar
- 7.Millan, W., Burnett, G., Carter, G., Clark, A., Dawson, E.: Evolutionary Heuristics for finding Cryptographically strong s-boxes. Proceedings of the Information and Communication Security, Second International Conference, ICICS’99, Sydney, Australia, November 9-11, 1999. Lecture Notes in Computer Science 1726Google Scholar