ABSTRACT
The diffusion function with a large branch number is a fundamental building block in the construction of many block ciphers, used to achieve provable bounds against differential and linear cryptanalysis. Conventional diffusion functions, which are constructed from linear error-correcting codes, have the undesirable side effect that a linear diffusion function by itself is "transparent" (i.e., has a transition probability of 1) to differential and linear cryptanalysis. Nonlinear diffusion functions have, up to now, been less studied in the cryptographic literature. In this paper, we propose a practical criterion for nonlinear optimal diffusion functions. Using this criterion we construct a general class of nonlinear optimal diffusion functions over finite fields. Unlike the previous constructions, our functions are nonlinear, and thus they can provide enhanced protection against differential and linear cryptanalysis.
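The two properties the abstract contrasts, a large (differential) branch number and the "transparency" of a linear layer, can both be measured by brute force on a toy layer. The following is an added example, not code from the paper or from any cipher it cites: it builds GF(2^4) with the reduction polynomial x^4 + x + 1, applies the constructed 2x2 matrix [[1, 1], [1, 2]] as a linear diffusion layer, and compares it with a constructed nonlinear variant (the same matrix followed by word-wise field inversion). The nonlinear variant is only an illustration of the measurements, not the construction proposed in the paper. The example shows that a linear layer maps every input difference to a single output difference with probability 1, while a word-wise bijection removes that property without changing the word weight of differences, so the branch number stays at 3.

```python
"""Added example (not from the paper): brute-force measurement of
differential branch number and differential "transparency" for a toy
2-word diffusion layer over GF(2^4).

Constructed here for illustration, not the paper's construction:
  * the field GF(2^4) with reduction polynomial x^4 + x + 1,
  * the 2x2 matrix [[1, 1], [1, 2]] used as the linear layer,
  * a word-wise inversion S-box appended to make a nonlinear variant.
"""
from itertools import product

FIELD_BITS = 4
FIELD_SIZE = 1 << FIELD_BITS          # 16 elements, ints 0..15
REDUCTION_POLY = 0b10011              # x^4 + x + 1


def gf_mul(a, b):
    """Carry-less multiplication in GF(2^4), reduced by x^4 + x + 1."""
    result = 0
    for _ in range(FIELD_BITS):
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a & FIELD_SIZE:            # degree reached 4: reduce
            a ^= REDUCTION_POLY
    return result


# Inverse table for the word-wise S-box (0 maps to 0, as in AES-style inversion).
INV = {0: 0}
for _x in range(1, FIELD_SIZE):
    INV[_x] = next(y for y in range(1, FIELD_SIZE) if gf_mul(_x, y) == 1)


def linear_layer(state):
    """Constructed linear layer: matrix [[1, 1], [1, 2]] over GF(2^4)."""
    x0, x1 = state
    return (x0 ^ x1, x0 ^ gf_mul(2, x1))


def nonlinear_layer(state):
    """Constructed nonlinear variant: linear layer, then word-wise inversion."""
    return tuple(INV[w] for w in linear_layer(state))


ALL_STATES = list(product(range(FIELD_SIZE), repeat=2))   # all 256 two-word states


def xor_states(a, b):
    return tuple(u ^ v for u, v in zip(a, b))


def word_weight(state):
    """Number of nonzero words; the weight used for branch numbers."""
    return sum(1 for w in state if w != 0)


def branch_number(layer):
    """Differential branch number:
    min over all x and nonzero d of wt(d) + wt(layer(x ^ d) ^ layer(x))."""
    best = None
    for x in ALL_STATES:
        fx = layer(x)
        for d in ALL_STATES:
            if d == (0, 0):
                continue
            out_diff = xor_states(layer(xor_states(x, d)), fx)
            w = word_weight(d) + word_weight(out_diff)
            if best is None or w < best:
                best = w
    return best


def max_differential_probability(layer):
    """Largest probability of any (input difference -> output difference)
    transition, taken over nonzero input differences. 1.0 means the layer
    is transparent: the output difference does not depend on x."""
    best = 0.0
    for d in ALL_STATES:
        if d == (0, 0):
            continue
        counts = {}
        for x in ALL_STATES:
            out_diff = xor_states(layer(xor_states(x, d)), layer(x))
            counts[out_diff] = counts.get(out_diff, 0) + 1
        best = max(best, max(counts.values()) / len(ALL_STATES))
    return best


def is_transparent(layer):
    return max_differential_probability(layer) == 1.0


if __name__ == "__main__":
    for name, layer in (("linear", linear_layer), ("nonlinear", nonlinear_layer)):
        print(name, "branch number:", branch_number(layer),
              "max differential probability:", max_differential_probability(layer))
```

Running the block prints a branch number of 3 for both layers (the matrix is MDS, and a word-wise bijection never turns a nonzero word difference into zero or vice versa), a maximal transition probability of 1.0 for the linear layer, and a strictly smaller one for the nonlinear variant, which is exactly the "transparency" gap the abstract describes. The search is exhaustive only because the toy state is 8 bits; for real word sizes one argues about the branch number from the matrix structure instead.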