Advertisement

The block cipher Square

  • Joan Daemen
  • Lars Knudsen
  • Vincent Rijmen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1267)

Abstract

In this paper we present a new 128-bit block cipher called Square. The original design of Square concentrates on the resistance against differential and linear cryptanalysis. However, after the initial design a dedicated attack was mounted that forced us to augment the number of rounds. The goal of this paper is the publication of the resulting cipher for public scrutiny. A C implementation of Square is available that runs at 2.63 MByte/s on a 100 MHz Pentium. Our M68HC05 Smart Card implementation fits in 547 bytes and takes less than 2 msec. (4 MHz Clock). The high degree of parallellism allows hardware implementations in the Gbit/s range today.

References

  1. 1.
    E. Biham and A. Shamir, “Differential cryptanalysis of DES-like cryptosystems,≓ Journal of Cryptology, Vol. 4, No. 1, 1991, pp. 3–72.MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    J. Daemen, “Cipher and hash function design strategies based on linear and differential cryptanalysis,≓ Doctoral Dissertation, March 1995, K.U.Leuven.Google Scholar
  3. 3.
    J. Daemen and V. Rijmen, “Self-reciprocal cipher structures,≓ COSIC internal report 96-3, 1996.Google Scholar
  4. 4.
    T. Jakobsen and L.R. Knudsen, “The interpolation attack on block ciphers,≓ these proceedings.Google Scholar
  5. 5.
    J. Kelsey, B. Schneier and D. Wagner, “Key-schedule cryptanalysis of IDEA, GDES, GOST, SAFER, and Triple-DES,≓ Advances in Cryptology, Proceedings Crypto’96, LNCS 1109, N. Koblitz, Ed., Springer-Verlag, 1996, pp. 237–252.Google Scholar
  6. 6.
    L.R. Knudsen, “Truncated and higher order differentials,≓ Fast Software Encryption, LNCS 1008, B. Preneel, Ed., Springer-Verlag, 1995, pp. 196–211.Google Scholar
  7. 7.
    L.R. Knudsen, “A key-schedule weakness in SAFER-K64,≓ Advances in Cryptology, Proceedings Crypto’95, LNCS 963, D. Coppersmith, Ed., Springer-Verlag, 1995, pp. 274–286.Google Scholar
  8. 8.
    L.R. Knudsen and T.A. Berson, “Truncated differentials of SAFER,≓ Fast Software Encryption, LNCS 1039, D. Gollmann, Ed., Springer-Verlag, 1996, pp. 15–26.Google Scholar
  9. 9.
    N. Koblitz, “A Course in Number Theory and Cryptography,≓ Springer-Verlag, New York, 1987.CrossRefzbMATHGoogle Scholar
  10. 10.
    X. Lai, J.L. Massey and S. Murphy, “Markov ciphers and differential cryptanalysis,≓ Advances in Cryptology, Proceedings Eurocrypt’91, LNCS 547, D.W. Davies, Ed., Springer-Verlag, 1991, pp. 17–38.Google Scholar
  11. 11.
    F.J. MacWilliams, N.J.A. Sloane, “The Theory of Error-Correcting Codes,≓ North-Holland, Amsterdam, 1977.Google Scholar
  12. 12.
    M. Matsui, “Linear cryptanalysis method for DES cipher,≓ Advances in Cryptology, Proceedings Eurocrypt’93, LNCS 765, T. Helleseth, Ed., Springer-Verlag, 1994, pp. 386–397.Google Scholar
  13. 13.
    K. Nyberg, “Differentially uniform mappings for cryptography,≓ Advances in Cryptology, Proceedings Eurocrypt’93, LNCS 765, T. Helleseth, Ed., Springer-Verlag, 1994, pp. 55–64.Google Scholar
  14. 14.
    L. O’Connor, “On the distribution of characteristics in bijective mappings,≓ Journal of Cryptology, Vol. 8, No. 2, 1995, pp. 67–86.MathSciNetzbMATHGoogle Scholar
  15. 15.
    V. Rijmen, J. Daemen et al., “The cipher SHARK,≓ Fast Software Encryption, LNCS 1039, D. Gollmann, Ed., Springer-Verlag, 1996, pp. 99–112.Google Scholar

Copyright information

© Springer-Verlag 1997

Authors and Affiliations

  • Joan Daemen
    • 1
  • Lars Knudsen
    • 2
  • Vincent Rijmen
    • 2
  1. 1.BanksysBrusselBelgium
  2. 2.Katholieke Universiteit Leuven, ESAT-COSICHeverleeBelgium

Personalised recommendations