International Conference on the Theory and Applications of Cryptographic Techniques

EUROCRYPT 2003: Advances in Cryptology — EUROCRYPT 2003 pp 33–50Cite as

A Toolbox for Cryptanalysis: Linear and Affine Equivalence Algorithms

  • Alex Biryukov
  • Christophe De Cannière
  • An Braeken
  • Bart Preneel
  • Conference paper
  • First Online: 01 January 2003

Part of the Lecture Notes in Computer Science book series (LNCS,volume 2656)

Abstract

This paper presents two algorithms for solving the linear and the affine equivalence problem for arbitrary permutations (S-boxes). For a pair of n × n-bit permutations the complexity of the linear equivalence algorithm (LE) is O(n^3 2^n). The affine equivalence algorithm (AE) has complexity O(n^3 2^(2n)). The algorithms are efficient and allow one to study linear and affine equivalences for bijective S-boxes of all popular sizes (LE is efficient up to n ≤ 32). Using these tools, new equivalent representations are found for a variety of ciphers: Rijndael, DES, Camellia, Serpent, Misty, Kasumi, Khazad, etc. The algorithms are furthermore extended to the case of non-bijective n-to-m-bit S-boxes with a small value of |n − m| and to the case of almost equivalent S-boxes. The algorithms also provide new attacks on a generalized Even-Mansour scheme. Finally, the paper defines a new problem of S-box decomposition in terms of Substitution-Permutation Networks (SPN) with layers of smaller S-boxes. Simple information-theoretic bounds are proved for such decompositions.
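As an added illustration that is not code from the paper, the following Python makes the equivalence relation concrete for 3-bit S-boxes: S2 = B ∘ S1 ∘ A with A, B invertible over GF(2)^3 (affine: A x ⊕ a, B y ⊕ b). It enumerates GL(3,2) outright rather than implementing the paper's LE/AE algorithms, and every S-box and matrix in it is a constructed sample value.

```python
"""Brute-force check of linear/affine equivalence for 3-bit S-boxes.
This enumerates GL(3,2) and is NOT the paper's O(n^3 2^n) LE / O(n^3 2^2n) AE
algorithm; every S-box and matrix below is a constructed sample value."""
from itertools import product

N = 3                      # S-box width in bits
SIZE = 1 << N

def apply_matrix(rows, x):
    """y = M x over GF(2); M is a tuple of row bit-masks, x an int of N bits."""
    return sum((bin(row & x).count("1") & 1) << i for i, row in enumerate(rows))

def invertible_matrices(n):
    """Every invertible n x n GF(2) matrix, i.e. every one that is bijective."""
    return [rows for rows in product(range(1, 1 << n), repeat=n)
            if len({apply_matrix(rows, x) for x in range(1 << n)}) == 1 << n]
GL = invertible_matrices(N)   # |GL(3,2)| = 168

def affine_part(m):
    """If the permutation m is affine, return (B, b) with m[y] = B y ^ b, else None."""
    b = m[0]
    lin = [v ^ b for v in m]            # strip the constant; must now be linear
    if any(lin[y ^ z] != lin[y] ^ lin[z] for y in range(SIZE) for z in range(SIZE)):
        return None
    # column i of B is lin[1 << i]; repack the columns into row masks
    rows = tuple(sum(((lin[1 << i] >> j) & 1) << i for i in range(N)) for j in range(N))
    return rows, b

def compose(s, A, a, B, b):
    """Lookup table of x -> B(s(A x ^ a)) ^ b."""
    return [apply_matrix(B, s[apply_matrix(A, x) ^ a]) ^ b for x in range(SIZE)]

def find_equivalence(s1, s2, affine=False):
    """Return (A, a, B, b) with s2 == compose(s1, A, a, B, b), or None.
    Guessing (A, a) forces the outer map s1(A x ^ a) -> s2(x); the guess is a
    solution exactly when that forced map is affine (linear, b == 0, for LE)."""
    for A in GL:
        for a in (range(SIZE) if affine else (0,)):
            inner = [s1[apply_matrix(A, x) ^ a] for x in range(SIZE)]
            outer = [s2[inner.index(y)] for y in range(SIZE)]   # outer[inner[x]] = s2[x]
            found = affine_part(outer)
            if found is not None and (affine or found[1] == 0):
                return A, a, found[0], found[1]
    return None

# Constructed sample: an S-box, a linear and an affine equivalent, and a non-affine map.
S1 = [0, 1, 3, 6, 7, 4, 5, 2]
S2_LIN = compose(S1, (0b011, 0b010, 0b100), 0, (0b001, 0b011, 0b101), 0)
S2_AFF = compose(S1, (0b011, 0b010, 0b100), 5, (0b001, 0b011, 0b101), 2)
NON_AFFINE = [0, 1, 2, 4, 3, 6, 7, 5]   # not affine, so not AE to the identity S-box
```

Because A is guessed and the outer map is then forced, the affine search costs |GL(3,2)| × 2^3 candidates instead of |GL(3,2)|^2 × 2^6; the paper's algorithms cut the remaining exponential factor further.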

Keywords

  • Linear and affine equivalence algorithm
  • S-boxes
  • Block-ciphers
  • Rijndael
  • DES
  • Cryptanalysis
  • Algebraic attacks
  • S-box decomposition
  • Side-channel attacks

The work described in this paper has been supported in part by the Commission of the European Communities through the IST Programme under Contract IST-1999-12324 and by the Concerted Research Action (GOA) Mefisto.

F.W.O. Research Assistant, sponsored by the Fund for Scientific Research — Flanders (Belgium).



Author information

Authors and Affiliations

  1. Dept. ESAT/SCD-COSIC, Katholieke Universiteit Leuven, Kasteelpark Arenberg 10, B-3001, Leuven-Heverlee, Belgium

    Alex Biryukov, Christophe De Cannière, An Braeken & Bart Preneel


Editor information

Editors and Affiliations

  1. Computer Science Department, Technion — Israel Institute of Technology, Haifa, 32000, Israel

    Eli Biham


Copyright information

© 2003 International Association for Cryptologic Research

About this paper

Cite this paper

Biryukov, A., De Cannière, C., Braeken, A., Preneel, B. (2003). A Toolbox for Cryptanalysis: Linear and Affine Equivalence Algorithms. In: Biham, E. (eds) Advances in Cryptology — EUROCRYPT 2003. EUROCRYPT 2003. Lecture Notes in Computer Science, vol 2656. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39200-9_3

  • DOI: https://doi.org/10.1007/3-540-39200-9_3

  • Published: 13 May 2003

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-14039-9

  • Online ISBN: 978-3-540-39200-2

