Recursive Diffusion Layers for Block Ciphers and Hash Functions

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7549)


Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers. In this paper, we propose a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear. We investigate the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer. The proposed diffusion layers only require word-level XORs, rotations, and they have simple inverses. They can be replaced in the diffusion layer of the block ciphers MMB and Hierocrypt to increase their security and performance, respectively. Finally, we try to extend our results for up to 8×8 words diffusion layers.


Block ciphers Diffusion layer Branch number Provable security 


  1. 1.
    Bernstein, D.J.: The Salsa20 Stream Cipher. Symmetric Key Encryption Workshop, SKEW (2005),
  2. 2.
    Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)Google Scholar
  3. 3.
    Daemen, J.: Cipher and Hash Function Design Strategies Based on Linear and Differential Cryptanalysis. PhD thesis, Elektrotechniek Katholieke Universiteit Leuven, Belgium (1995)Google Scholar
  4. 4.
    Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer (2002)Google Scholar
  5. 5.
    Guo, J., Peyrin, T., Poschmann, A.: The PHOTON Family of Lightweight Hash Functions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 222–239. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  6. 6.
    Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED Block Cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  7. 7.
    Junod, P., Vaudenay, S.: Perfect Diffusion Primitives for Block Ciphers. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 84–99. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Kang, J., Hong, S., Lee, S., Yi, O., Park, C., Lim, J.: Practical and Provable Security Against Differential and Linear Cryptanalysis for Substitution-Permutation Networks. ETRI Journal 23(4), 158–167 (2001)CrossRefGoogle Scholar
  9. 9.
    Lee, C., Kim, J., Sung, J., Hong, S., Lee, S.: Provable Security for an RC6-like Structure and a MISTY-FO-like Structure Against Differential Cryptanalysis. In: Gavrilova, M.L., Gervasi, O., Kumar, V., Tan, C.J.K., Taniar, D., Laganá, A., Mun, Y., Choo, H. (eds.) ICCSA 2006. LNCS, vol. 3982, pp. 446–455. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Matsui, M.: Linear Cryptanalysis Method for DES Cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  11. 11.
    Matsui, M.: New Structure of Block Ciphers with Provable Security Against Differential and Linear Cryptanalysis. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 205–218. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  12. 12.
    Nyberg, K., Knudsen, L.: Provable Security Against a Differential Attack. Journal of Cryptology 8(1), 27–37 (1995)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Ohkuma, K., Muratani, H., Sano, F., Kawamura, S.: The Block Cipher Hierocrypt. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 72–88. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Sajadieh, M., Dakhilalian, M., Mala, H.: Perfect Involutory Diffusion Layers Based on Invertibility of Some Linear Functions. IET Information Security Journal 5(1), 228–236 (2011)CrossRefGoogle Scholar
  15. 15.
    Schnorr, C.-P., Vaudenay, S.: Black Box Cryptanalysis of Hash Networks Based on Multipermutations. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 47–57. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  16. 16.
    Vaudenay, S.: On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 286–297. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  17. 17.
    Wang, M., Nakahara Jr., J., Sun, Y.: Cryptanalysis of the Full MMB Block Cipher. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 231–248. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  18. 18.
    Wu, H.: The Hash Function JH. Submission to NIST (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  1. 1.Cryptography & System Security Research Laboratory, Department of Electrical and Computer EngineeringIsfahan University of TechnologyIsfahanIran
  2. 2.Department of Information Technology EngineeringUniversity of IsfahanIsfahanIran
  3. 3.EPFLLausanneSwitzerland

Personalised recommendations