The design of substitution-permutation networks resistant to differential and linear cryptanalysis

Heys, Howard M.; Tavares, Stafford E.

doi:10.1145/191177.191206

Cited by 27 publications

(31 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, CAST uses the Feistel structure [18,19] to implement the SPN. This is because the Feistel structure is well-studied and appears to be free of basic structural weaknesses, whereas some other forms of the SPN, such as the "tree structure" [22,23] have some inherent weaknesses [22,45] unless a significant number of layers are added (which may destroy the one property, "completeness", 2 which tree structures are provably able to achieve). Note that some other forms of SPN, such as that employed in SAFER [32], also appear currently to be free of basic structural weaknesses, but have not been subject to intense analysis for nearly as long as the Feistel structure.…”

Section: Framework Design Overviewmentioning

confidence: 99%

Constructing Symmetric Ciphers Using the CAST Design Procedure

Adams¹

1997

Selected Areas in Cryptography

View full text Add to dashboard Cite

Abstract. This paper describes the CAST design procedure for constructing a family of DES-like SubstitutionPermutation Network (SPN) cryptosystems which appear to have good resistance to differential cryptanalysis, linear cryptanalysis, and related-key cryptanalysis, along with a number of other desirable cryptographic properties. Details of the design choices in the procedure are given, including those regarding the component substitution boxes (s-boxes), the overall framework, the key schedule, and the round function. An example CAST cipher, an output of this design procedure, is presented as an aid to understanding the concepts and to encourage detailed analysis by the cryptologic community.

show abstract

Section: Framework Design Overviewmentioning

confidence: 99%

Constructing Symmetric Ciphers Using the CAST Design Procedure

Adams¹

1997

Selected Areas in Cryptography

View full text Add to dashboard Cite

show abstract

“…We transformed the estimates for the complexity of the linear attacks on SP networks from [8] is the nonlinearity for the above functions given in [18]. It can be shown that the minimum number of non-trivial one round linear characteristics needed for a linear characteristic of a Feistel cipher is two for every three rounds.…”

Section: Examplesmentioning

confidence: 99%

Practically secure Feistel ciphers

Knudsen

1994

Fast Software Encryption

View full text Add to dashboard Cite

show abstract

“…In IDEA the modular multiplication step is effectively the S-box; it is a 16*16-bit S-box. The larger this S-box, the harder it is to find useful statistics to attack using either differential or linear cryptanalysis [653,729,1626]. Also, while random S-boxes are usually not optimal to protect against differential and linear attacks, it is easier to find strong S-boxes if the S-boxes are larger.…”

Section: S-box Designmentioning

confidence: 99%

“…Some ciphers generate random S-boxes and then test them for the requisite properties. See [9,729] for examples of this approach. 3.…”

Section: Much Of This Work Involves the Study Of Boolean Functionsmentioning

confidence: 99%