In this works we examine the diffusion layers of some block ciphers referred to as substitution-permutation networks. We investigate the practical security of these diffusion layers against differential and linear cryptanalysis by using the notion of active S-boxes. We show that the minimum number of differentially active S-boxes and that of linearly active S-boxes are generally not identical and propose some special conditions in which those are identical. Moreover, we apply our results to analyze three diffusion layers used in the block ciphers E2, CRYPTON and Rijndael, respectively. It is also shown that these all diffusion layers have achieved optimal security according to their each constraints of using operations.
CITATION STYLE
Kang, J. S., Park, C., Lee, S., & Lim, J. I. (2000). On the optimal diffusion layers with practical security against differential and linear cryptanalysis. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1787, pp. 38–52). Springer Verlag. https://doi.org/10.1007/10719994_4
Mendeley helps you to discover research relevant for your work.