Abstract
Differential cryptanalysis is a well-known attack on iterated ciphers whose success is determined by the probability of predicting sequences of differences from one round of the cipher to the next. The notion of difference is typically defined with respect to the group operation(s) used to combine the subkey in the round function F. For a given round operation π of F, such as an S-box, let DP⊗(π) denote the probability of the most likely non-trivial difference for π when differences are defined with respect to ⊗. In this paper we investigate how the distribution of DP⊗(π) varies as the group operation ⊗ is varied when π is a uniformly selected permutation. We prove that DP⊗(π) is maximized with high probability when differences are defined with respect to XOR.
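The following Python program is an added illustration of the quantity the abstract defines; it is not code from the paper. It builds the difference distribution table of a small permutation π under two choices of the group operation ⊗ (XOR, and addition mod 2^n as used when a subkey is added rather than XORed), reads off DP⊗(π) as the largest non-trivial entry divided by 2^n, and then repeats the XOR-versus-addition comparison over uniformly sampled 4-bit permutations. The PRESENT S-box is used only as a familiar fixed 4-bit permutation for a sanity check (it is known to have maximum XOR differential probability 4/16); the paper itself does not discuss it, and the 4-bit experiment is far below the asymptotic regime the paper analyses.

```python
"""DP_xor(pi) versus DP_add(pi) for small permutations.

Added example; not code from Hawkes and O'Connor.  The PRESENT S-box below
is only a convenient fixed permutation for a sanity check.
"""
import random
from typing import Callable, Dict, List, Sequence

# A difference between x and x' with respect to a group operation op is the
# Delta with x' = op(x, Delta); the corresponding output difference of pi is
# op(pi(x'), inv(pi(x))), where inv gives the group inverse.
Op = Callable[[int, int, int], int]
Inv = Callable[[int, int], int]


def xor_op(a: int, b: int, n: int) -> int:
    return a ^ b


def xor_inv(a: int, n: int) -> int:
    return a  # every element is its own inverse under XOR


def add_op(a: int, b: int, n: int) -> int:
    return (a + b) % (1 << n)


def add_inv(a: int, n: int) -> int:
    return (-a) % (1 << n)


def max_diff_count(pi: Sequence[int], op: Op, inv: Inv) -> int:
    """Largest entry of the difference distribution table of pi with respect
    to the group (op, inv), taken over non-trivial input differences.
    DP(pi) with respect to that group is max_diff_count(pi) / len(pi)."""
    size = len(pi)
    n = size.bit_length() - 1
    if size != 1 << n or sorted(pi) != list(range(size)):
        raise ValueError("pi must be a permutation of {0, ..., 2^n - 1}")
    best = 0
    for d_in in range(1, size):          # skip the trivial difference 0
        counts = [0] * size
        for x in range(size):
            x2 = op(x, d_in, n)
            d_out = op(pi[x2], inv(pi[x], n), n)
            counts[d_out] += 1
        best = max(best, max(counts))
    return best


def compare_random_perms(n: int, trials: int, seed: int = 1) -> Dict[str, int]:
    """Sample uniformly random n-bit permutations (constructed here with a
    seeded PRNG) and tally how often the XOR-based DP exceeds, equals or
    falls below the addition-mod-2^n-based DP."""
    rng = random.Random(seed)
    tally = {"xor_larger": 0, "equal": 0, "add_larger": 0}
    for _ in range(trials):
        pi: List[int] = list(range(1 << n))
        rng.shuffle(pi)
        c_xor = max_diff_count(pi, xor_op, xor_inv)
        c_add = max_diff_count(pi, add_op, add_inv)
        if c_xor > c_add:
            tally["xor_larger"] += 1
        elif c_xor == c_add:
            tally["equal"] += 1
        else:
            tally["add_larger"] += 1
    return tally


# PRESENT S-box: a real 4-bit permutation used only as a fixed test vector.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

if __name__ == "__main__":
    size = len(PRESENT_SBOX)
    print("PRESENT DP_xor =", max_diff_count(PRESENT_SBOX, xor_op, xor_inv), "/", size)
    print("PRESENT DP_add =", max_diff_count(PRESENT_SBOX, add_op, add_inv), "/", size)
    print("random 4-bit permutations:", compare_random_perms(4, 2000, seed=1))
```

The tally returned by compare_random_perms is the kind of empirical count one would look at before trusting an asymptotic statement at a given block size; the paper's result is about the limit as n grows, so a 4-bit run only shows the mechanics, not the theorem.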
© 1999 Springer-Verlag Berlin Heidelberg
Hawkes, P., O’Connor, L. (1999). XOR and Non-XOR Differential Probabilities. In: Stern, J. (eds) Advances in Cryptology — EUROCRYPT ’99. EUROCRYPT 1999. Lecture Notes in Computer Science, vol 1592. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48910-X_19
DOI: https://doi.org/10.1007/3-540-48910-X_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65889-4
Online ISBN: 978-3-540-48910-8