On the Security of Nested SPN Cipher against the Differential and Linear Cryptanalysis

Fumihiko SANO  Kenji OHKUMA  Hideo SHIMIZU  Shinichi KAWAMURA  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E86-A   No.1   pp.37-46
Publication Date: 2003/01/01
Online ISSN: 
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security)
Category: Symmetric Ciphers and Hash Functions
block cipher,  SPN,  cryptanalysis,  

Full Text: PDF>>
Buy this Article

We extend the theorem by Hong et al. which gives the upper bounds of the maximum average differential and linear hull probabilities (MADP and MALHP) for SPN block cipher with optimal or quasi-optimal diffusion layers, to the case of nested SPN (NSPN) cipher. Applying the extended theorem to two NSPN ciphers, Hierocrypt-3 of 128-bit block and Hierocrypt-L1 of 64-bit block, we estimated that MADP and MALHP for 2-round Hierocrypt-3 are bounded by 2-96, and that those for 2-round Hierocrypt-L1 are bounded by 2-48. The extended theorem is also applied to AES, and found that MADP and MALHP are bounded by 2-96 for its 4-round reduced model. The last result outperforms the best previous result 2-92 for 10-round by Keliher et al.