A new counting method to bound the number of active S-boxes in Rijndael and 3D

Designs, Codes and Cryptography

Abstract

Security against differential and linear cryptanalysis is an essential requirement for modern block ciphers. This security is usually evaluated by finding a lower bound for the minimum number of active S-boxes. The 128-bit block cipher AES, which was adopted by the National Institute of Standards and Technology (NIST) as a symmetric encryption standard in 2001, is a member of the Rijndael family of block ciphers. For Rijndael, the block length and the key length can be independently specified as 128, 192 or 256 bits. It has been proved that, for all variants of Rijndael, the lower bound on the number of active S-boxes for any 4-round differential or linear trail is 25, and that for \(4r\) (\(r \ge 1\)) rounds, \(25r\) active S-boxes is a tight bound only for Rijndael with block length 128. In this paper, a new counting method is introduced to find tighter lower bounds for the minimum number of active S-boxes for several consecutive rounds of Rijndael with larger block lengths. The new method shows that 12 and 14 rounds of Rijndael with 192-bit block length have at least 87 and 103 active S-boxes, respectively. The corresponding bounds for Rijndael with 256-bit block length are 105 and 120, respectively. Additionally, a modified version of Rijndael-192 is proposed for which the minimum number of active S-boxes is greater than that of Rijndael-192. Moreover, we extend the method to obtain a better lower bound for the number of active S-boxes for the block cipher 3D. Our counting method shows that, for example, 20 and 22 rounds of 3D have at least 185 and 205 active S-boxes, respectively.

Author information

Correspondence to Mahdi Sajadieh.

Additional information

Communicated by C. Cid.

Cite this article

Sajadieh, M., Mirzaei, A., Mala, H. et al. A new counting method to bound the number of active S-boxes in Rijndael and 3D. Des. Codes Cryptogr. 83, 327–343 (2017). https://doi.org/10.1007/s10623-016-0217-4

  • DOI: https://doi.org/10.1007/s10623-016-0217-4
