Towards Provable Security of Rijndael-Like Spn Ciphers Against Differential Attacks

Abstract: ABSTRACT. The strength of Rijndael-like ciphers to the truncated differential attack is considered. Theorems about the absence of effective truncated (byte) differential characteristics and effective truncated (byte) differentials for ciphers with sufficient number of rounds are proved.

“…The first defect of the proposed approach is that only the version of the Rijndael-like cipher with the block size of m×m bytes is analyzed, but in practice other variants may also occur. The second defect is related to the fact that the used constraints on the probability of BDC from [12,13] were obtained for Rijndael-like ciphers that used the XOR-addition operation with a key, while in the Q transformation of the Kupyna algorithm, addition by modulo 2 64 is used. In some cases, these differences may lead to inaccurate results for the scheme → → ... a a of attack.…”

“…The scheme of difference transformation in terms of differential cryptanalysis is called the differential characteristic, or, as in the case of differential attacks on Rijndael-like ciphers, the byte differential characteristic (BDC). The work [12] is devoted to the analysis of BDCs, byte differentials and their probabilities for Rijndael-like ciphers. In [13], an attempt to generalize these results for block ciphers in general was made, and a model of ciphers provably secure against truncated differential attacks was proposed.…”

“…In this case, the input of the first MC transformation and the output of the last MC transformation of BDC must have at least 2 active columns (because a is bigger than m). According to [12,13], for each of the 2m-a passive output bytes of the MC, the probability of BDC will decrease by about 2 8 inbound part, the outbound part of BDC can not contain any single MC transformation with more than one active column.…”

Development of the approach to proving the security of Grostl-like hashing algorithms to rebound attacks

“…The first defect of the proposed approach is that only the version of the Rijndael-like cipher with the block size of m×m bytes is analyzed, but in practice other variants may also occur. The second defect is related to the fact that the used constraints on the probability of BDC from [12,13] were obtained for Rijndael-like ciphers that used the XOR-addition operation with a key, while in the Q transformation of the Kupyna algorithm, addition by modulo 2 64 is used. In some cases, these differences may lead to inaccurate results for the scheme → → ... a a of attack.…”

“…The scheme of difference transformation in terms of differential cryptanalysis is called the differential characteristic, or, as in the case of differential attacks on Rijndael-like ciphers, the byte differential characteristic (BDC). The work [12] is devoted to the analysis of BDCs, byte differentials and their probabilities for Rijndael-like ciphers. In [13], an attempt to generalize these results for block ciphers in general was made, and a model of ciphers provably secure against truncated differential attacks was proposed.…”

“…In this case, the input of the first MC transformation and the output of the last MC transformation of BDC must have at least 2 active columns (because a is bigger than m). According to [12,13], for each of the 2m-a passive output bytes of the MC, the probability of BDC will decrease by about 2 8 inbound part, the outbound part of BDC can not contain any single MC transformation with more than one active column.…”

Development of the approach to proving the security of Grostl-like hashing algorithms to rebound attacks

The conditions of provable security of block ciphers against truncated differential attack