Advertisement

On the Behaviors of Affine Equivalent Sboxes Regarding Differential and Linear Attacks

  • Anne CanteautEmail author
  • Joëlle Roué
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9056)

Abstract

This paper investigates the effect of affine transformations of the Sbox on the maximal expected differential probability \(\mathrm {MEDP}\) and linear potential \(\mathrm {MELP}\) over two rounds of a substitution-permutation network, when the diffusion layer is linear over the finite field defined by the Sbox alphabet. It is mainly motivated by the fact that the \(2\)-round \(\mathrm {MEDP}\) and \(\mathrm {MELP}\) of the AES both increase when the AES Sbox is replaced by the inversion in \(\mathbf {F}_{2^8}\). Most notably, we give new upper bounds on these two quantities which are not invariant under affine equivalence. Moreover, within a given equivalence class, these new bounds are maximal when the considered Sbox is an involution. These results point out that different Sboxes within the same affine equivalence class may lead to different two-round \(\mathrm {MEDP}\) and \(\mathrm {MELP}\). In particular, we exhibit some examples where the basis chosen for defining the isomorphism between \(\mathbf {F}_2^m\) and \(\mathbf {F}_{2^m}\) affects these values. For Sboxes with some particular properties, including all Sboxes of the form \(A(x^s)\) as in the AES, we also derive some lower and upper bounds for the \(2\)-round \(\mathrm {MEDP}\) and \(\mathrm {MELP}\) which hold for any MDS linear layer.

Keywords

Sboxes Affine equivalence Differential cryptanalysis Linear cryptanalysis AES 

References

  1. 1.
    Abdelraheem, M.A., Ågren, M., Beelen, P., Leander, G.: On the distribution of linear biases: three instructive examples. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 50–67. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  2. 2.
    Barreto, P.S.: Implementation of the SQUARE block cipher. http://www.larc.usp.br/~pbarreto/sqjava21.zip
  3. 3.
    Bending, T.D., Fon-Der-Flaass, D.: Crooked Functions, Bent Functions, and Distance Regular Graphs. Electr. J. Comb. 5 (1998)Google Scholar
  4. 4.
    Bierbrauer, J., Kyureghyan, G.M.: Crooked binomials. Designs, Codes and Cryptography 46(3), 269–301 (2008)CrossRefzbMATHMathSciNetGoogle Scholar
  5. 5.
    Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. Journal of Cryptology, 3–72 (1991)Google Scholar
  6. 6.
    Biryukov, A., De Cannière, C., Braeken, A., Preneel, B.: A toolbox for cryptanalysis: linear and affine equivalence algorithms. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 33–50. Springer, Heidelberg (2003)Google Scholar
  7. 7.
    Blondeau, C., Bogdanov, A., Leander, G.: Bounds in shallows and in miseries. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 204–221. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  8. 8.
    Blondeau, C., Nyberg, K.: New links between differential and linear cryptanalysis. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 388–404. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  9. 9.
    Borghoff, J., Canteaut, A., Güneysu, T., Kavun, E.B., Knezevic, M., Knudsen, L.R., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P., Thomsen, S.S., Yalçın, T.: PRINCE – A low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  10. 10.
    Borghoff, J., Canteaut, A., Güneysu, T., Kavun, E.B., Knezevic, M., Knudsen, L.R., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P., Thomsen, S.S., Yalçin, T.: PRINCE - A Low-latency Block Cipher for Pervasive Computing Applications (Full version). IACR Cryptology ePrint Archive 529 (2012)Google Scholar
  11. 11.
    Brinkmann, M., Leander, G.: On the classification of APN functions up to dimension five. Designs, Codes and Cryptography 49(1–3), 273–288 (2008)CrossRefzbMATHMathSciNetGoogle Scholar
  12. 12.
    Budaghyan, L., Carlet, C., Leander, G.: Two Classes of Quadratic APN Binomials Inequivalent to Power Functions. IEEE Transactions on Information Theory 54(9), 4218–4229 (2008)CrossRefzbMATHMathSciNetGoogle Scholar
  13. 13.
    Canteaut, A., Charpin, P.: Decomposing bent functions. IEEE Transactions on Information Theory 49(8), 2004–2019 (2003)CrossRefzbMATHMathSciNetGoogle Scholar
  14. 14.
    Chun, K., Kim, S., Lee, S., Sung, S.H., Yoon, S.: Differential and linear cryptanalysis for 2-round SPNs. Inf. Process. Lett. 87(5), 277–282 (2003)CrossRefzbMATHMathSciNetGoogle Scholar
  15. 15.
    Daemen, J.: Cipher and hash function design strategies based on linear and differential cryptanalysis. Ph.D. thesis, K.U. Leuven (1995)Google Scholar
  16. 16.
    Daemen, J., Knudsen, L.R., Rijmen, V.: The block cipher SQUARE. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997) CrossRefGoogle Scholar
  17. 17.
    Daemen, J., Lamberger, M., Pramstaller, N., Rijmen, V., Vercauteren, F.: Computational aspects of the expected differential probability of 4-round AES and AES-like ciphers. Computing 85(1–2), 85–104 (2009)CrossRefzbMATHMathSciNetGoogle Scholar
  18. 18.
    Daemen, J., Rijmen, V.: The wide trail design strategy. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 222–238. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  19. 19.
    Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer (2002)Google Scholar
  20. 20.
    Daemen, J., Rijmen, V.: Understanding two-round differentials in AES. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 78–94. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  21. 21.
    Daemen, J., Rijmen, V.: Probability distributions of correlation and differentials in block ciphers. Journal of Mathematical Cryptology 1(3), 221–242 (2007)CrossRefzbMATHMathSciNetGoogle Scholar
  22. 22.
    Daemen, J., Rijmen, V.: New criteria for linear maps in AES-like ciphers. Cryptography and Communications 1(1), 47–69 (2009)CrossRefzbMATHMathSciNetGoogle Scholar
  23. 23.
    Daemen, J., Rijmen, V.: Correlation analysis in \(GF(2^n)\). In: Advanced Linear Cryptanalysis of Block and Stream Ciphers. Cryptology and information security, pp. 115–131. IOS Press (2011)Google Scholar
  24. 24.
    Gong, Z., Nikova, S., Law, Y.W.: KLEIN: A new family of lightweight block ciphers. In: Juels, A., Paar, C. (eds.) RFIDSec 2011. LNCS, vol. 7055, pp. 1–18. Springer, Heidelberg (2012) Google Scholar
  25. 25.
    Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  26. 26.
    Hong, S.H., Lee, S.-J., Lim, J.-I., Sung, J., Cheon, D.H., Cho, I.: Provable security against differential and linear cryptanalysis for the SPN structure. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 273–283. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  27. 27.
    Kavun, E.B., Lauridsen, M.M., Leander, G., Rechberger, C., Schwabe, P., Yalçın, T.: Prøst v1.1. Submission to the CAESAR competition (2014). http://proest.compute.dtu.dk/proestv11.pdf
  28. 28.
    Keliher, L., Sui, J.: Exact maximum expected differential and linear probability for two-round Advanced Encryption Standard. IET Information Security 1(2), 53–57 (2007)CrossRefGoogle Scholar
  29. 29.
    Knudsen, L.R.: Truncated and higher order differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196–211. Springer, Heidelberg (1995)Google Scholar
  30. 30.
    Kyureghyan, G.M.: Crooked maps in \(\mathbf{F}_{2^n}\). Finite Fields and Their Applications 13(3), 713–726 (2007)CrossRefzbMATHMathSciNetGoogle Scholar
  31. 31.
    Lai, X.: Higher order derivatives and differential cryptanalysis. In: Symposium on Communication, Coding and Cryptography. Kluwer Academic Publishers (1994)Google Scholar
  32. 32.
    Lai, X., Massey, J.L., Murphy, S.: Markov ciphers and differential cryptanalysis. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 17–38. Springer, Heidelberg (1991) CrossRefGoogle Scholar
  33. 33.
    Leander, G.: On linear hulls, statistical saturation attacks, PRESENT and a cryptanalysis of PUFFIN. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 303–322. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  34. 34.
    Leander, G., Poschmann, A.: On the classification of 4 bit S-Boxes. In: Carlet, C., Sunar, B. (eds.) WAIFI 2007. LNCS, vol. 4547, pp. 159–176. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  35. 35.
    Lim, C.H., Korkishko, T.: mCrypton – A lightweight block cipher for security of low-cost RFID tags and sensors. In: Song, J.-S., Kwon, T., Yung, M. (eds.) WISA 2005. LNCS, vol. 3786, pp. 243–258. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  36. 36.
    MacWilliams, F.J., Sloane, N.J.: The theory of error-correcting codes. North-Holland (1977)Google Scholar
  37. 37.
    Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994) CrossRefGoogle Scholar
  38. 38.
    Murphy, S.: The effectiveness of the linear hull effect. J. Mathematical Cryptology 6(2), 137–147 (2012)CrossRefzbMATHGoogle Scholar
  39. 39.
    Nyberg, K.: Differentially uniform mappings for cryptography. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 55–64. Springer, Heidelberg (1994) CrossRefGoogle Scholar
  40. 40.
    Nyberg, K.: Linear approximation of block ciphers. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 439–444. Springer, Heidelberg (1995) CrossRefGoogle Scholar
  41. 41.
    Park, S., Sung, S.H., Lee, S.-J., Lim, J.-I.: Improving the upper bound on the maximum differential and the maximum linear hull probability for SPN structures and AES. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 247–260. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  42. 42.
    Rijmen, V., Daemen, J., Preneel, B., Bosselaers, A., Win, E.D.: The cipher SHARK. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 99–111. Springer, Heidelberg (1996)Google Scholar
  43. 43.
    Saarinen, M.-J.O.: Cryptographic analysis of all \(4 \times 4\)-bit S-boxes. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 118–133. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  44. 44.
    Tardy-Corfdir, A., Gilbert, H.: A known plaintext attack of FEAL-4 and FEAL-6. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 172–182. Springer, Heidelberg (1992) Google Scholar
  45. 45.
    Zheng, Y., Zhang, X.-M.: Plateaued functions. In: Varadharajan, V., Mu, Y. (eds.) ICICS 1999. LNCS, vol. 1726, pp. 284–300. Springer, Heidelberg (1999) CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2015

Authors and Affiliations

  1. 1.InriaProject-team SECRETRocquencourtFrance

Personalised recommendations