Inefficiency of variant characteristics for substitution-permutation networks with position permutations

  • Albert Sadowski
Cryptographic Functions And Cipher
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1270)


In the early '90s, E. Biham and A. Shamir presented for the first time a new, effective method of cryptanalysis of the Data Encryption Standard (DES) algorithm: differential cryptanalysis. This method can be applied to many types of algorithms based on substitutions and permutations, called substitution-permutation networks (SPNs).

With the introduction of differential cryptanalysis came the problem of improving the resistance of ciphers against this method of attack. Differential cryptanalysis is based on the existence of differential characteristics, and designing these characteristics is fundamental to the method. In this paper we present a kind of extension of substitution-permutation networks called a position permutation. Applying position permutations in an SPN prevents the construction of differential characteristics like those presented by Biham and Shamir. It is necessary to emphasize that applying position permutations in an SPN does not change the type of the algorithm; it is still a substitution-permutation network.

Differential cryptanalysis of SPNs with position permutations can be carried out using so-called variant characteristics. In this paper we show that these characteristics are inefficient and that differential cryptanalysis of networks with position permutations is much more difficult than cryptanalysis of networks without these permutations.





Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  • Albert Sadowski (1)
  1. Institute of Electronics Fundamentals, Warsaw University of Technology, West Germany
