In this paper we present a model for the bias values associated with linear characteristics of substitution-permutation networks (SPN's). The first iteration of the model is based on our observation that for sufficiently large s-boxes, the best linear characteristic usually involves one active s-box per round. We obtain a result which allows us to compute an upper bound on the probability that linear cryptanalysis using such a characteristic is feasible, as a function of the number of rounds. We then generalize this result, upper bounding the probability that linear cryptanalysis is feasible when any linear characteristic may be used (no restriction on the number of active s-boxes). The work of this paper indicates that the basic SPN structure provides good security against linear cryptanalysis based on linear characteristics after a reasonably small number of rounds.
CITATION STYLE
Keliher, L., Meijer, H., & Tavares, S. (2000). Modeling linear characteristics of substitution-permutation networks. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1758, pp. 78–91). Springer Verlag. https://doi.org/10.1007/3-540-46513-8_6