Linear frameworks for block ciphers. (English) Zbl 0971.94007

In the paper, linear components in (block) cipher structures are investigated, especially with respect to their role in providing resistance against differential and linear cryptanalysis. The cipher structures studied are similar to the classical Substitution-Permutation networks; however, instead of permutations, more general linear transformations are considered. The main goal is to show that resistance against differential and linear cryptanalysis can be efficiently obtained by combining linear and nonlinear components, selected in a more independent way than in previously published examples of ciphers.
After a brief introduction, background definitions are given in Section 2, together with a discussion of related work and motivation. In the next section, the round transformation is first introduced and its table-lookup implementation is briefly outlined. Then the general cipher structure is presented, and it is shown that the inverse cipher has the same structure if certain conditions are met.
In Section 4, the authors briefly explain how the linear components of the cipher influence the resistance against differential and linear cryptanalysis. Section 5 contains a discussion of the criteria for linear transformations that optimize the resistance against differential and linear cryptanalysis. In Section 6, some existing designs are briefly discussed and shown to achieve suboptimal diffusion. Section 7 presents several concrete constructions for the key transformations. Two general structures (the hypercube structure and the rectangular structure) are presented that allow the construction of ciphers with a wide range of block lengths. After that, in Section 8, a dedicated attack is described and discussed. The paper ends with brief conclusions given in Section 9. In addition, a short Appendix gives the construction of one of the transformations used in the paper.

MSC:

94A60 Cryptography