Queen's University, Kingston, Ont., Canada
The ideas of completeness and the avalanche effect were first introduced by Kam and Davida [1] and Feistel [2], respectively. If a cryptographic transformation is complete, then each ciphertext bit must depend on all of the plaintext bits. Thus, if it were possible to find the simplest Boolean expression for each ciphertext bit in terms of the plaintext bits, each of those expressions would have to contain all of the plaintext bits if the function was complete. Alternatively, if there is at least one pair of n-bit plaintext vectors X and Xi that differ only in bit i, and f(X) and f(Xi) differ at least in bit j for all then the function f must be complete. For a given transformation to exhibit the avalanche effect, an average of one half of the output bits should change whenever a single input bit is complemented. In order to determine whether a given m x n (m input bits and n output bits) function f satisfies this requirement, the 2^m plaintext vectors must be divided into 2^(m-1) pairs, X and Xi, such that X and Xi differ only in bit i. Then the 2^(m-1) exclusive-or sums
H.C. Williams (Ed.): Advances in Cryptology
We describe a design procedure for the s-boxes of private key cryptosystems constructed as substitution-permutation networks (DES-like cryptosystems). Our procedure is proven to construct s-boxes which are bijective, are highly nonlinear, possess the strict avalanche criterion, and have output bits which act (virtually) independently when any single input bit is complemented. Furthermore, our procedure is very efficient: we have generated approximately 60 such 4 × 4 s-boxes in a few seconds of CPU time on a SUN workstation.
This paper develops analytical models for the avalanche characteristics of a class of block ciphers usually referred to as substitution-permutation encryption networks or SPNs. An SPN is considered to display good avalanche characteristics if a one bit change in the plaintext input is expected to result in close to half the ciphertext output bits changing. Good avalanche characteristics are important to ensure that a cipher is not susceptible to statistical attacks and the strength of an SPN's avalanche characteristics may be considered as a measure of the randomness of the ciphertext. The results presented in this paper demonstrate that the avalanche behaviour of encryption networks can be improved by using larger S-boxes. As well, it is shown that increasing the diffusion properties of the S-boxes or replacing the permutations by diffusive linear transformations is effective in improving the network avalanche characteristics.
Abstract. We show how to create a master key scheme for controlling access to a set of services. Each master key is a concise representation for a list of service keys, such that only service keys in this list can be computed easily from the master key. Our scheme is more flexible than others, permitting hierarchical organization and expansion of the set of services.
The security of DES-like cryptosystems depends heavily on the strength of the Substitution boxes (S-boxes) used. The design of new S-boxes is therefore an important concern in the creation of new and more secure cryptosystems. The full set of design criteria for the S-boxes of DES has never been released and a complete set has yet to be proposed in the open literature. This paper introduces a unified S-box design framework based on information theory and illustrates how it provides immunity to the differential attack.
Abstract. We present a new algorithm for upper bounding the maximum average linear hull probability for SPNs, a value required to determine provable security against linear cryptanalysis. The best previous result (Hong et al. [9]) applies only when the linear transformation branch number (B) is M or (M + 1) (maximal case), where M is the number of s-boxes per round. In contrast, our upper bound can be computed for any value of B. Moreover, the new upper bound is a function of the number of rounds (other upper bounds known to the authors are not). When B = M, our upper bound is consistently superior to [9]. When B = (M + 1), our upper bound does not appear to improve on [9]. On application to Rijndael (128-bit block size, 10 rounds), we obtain the upper bound UB = 2^−75, corresponding to a lower bound on the data complexity of 8/UB = 2^78 (for 96.7% success rate). Note that this does not demonstrate the existence of such an attack, but is, to our knowledge, the first such lower bound.
Abstract. We describe an efficient design methodology for the s-boxes of DES-like cryptosystems. Our design guarantees that the resulting s-boxes will be bijective and nonlinear and will exhibit the strict avalanche criterion and the output bit independence criterion.