Paper 2023/725
On Perfect Linear Approximations and Differentials over Two-Round SPNs
, Ruhr University Bochum, University of Applied Sciences Emden Leer, Ruhr University Bochum, Ruhr University BochumAbstract
Recent constructions of (tweakable) block ciphers with an embedded cryptographic backdoor relied on the existence of probability-one differentials or perfect (non-)linear approximations over a reduced-round version of the primitive. In this work, we study how the existence of probability-one differentials or perfect linear approximations over two rounds of a substitution-permutation network can be avoided by design. More precisely, we develop criteria on the s-box and the linear layer that guarantee the absence of probability-one differentials for all keys. We further present an algorithm that allows to efficiently exclude the existence of keys for which there exists a perfect linear approximation.
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- A major revision of an IACR publication in CRYPTO 2023
- Keywords
- differential cryptanalysislinear cryptanalysisdecompositionboomerang connectivity tableweak keys
- Contact author(s)
-
christof beierle @ rub de
patrick felke @ hs-emden-leer de
gregor leander @ rub de
patrick neumann @ rub de
lukas stennes @ rub de - History
- 2023-05-22: approved
- 2023-05-19: received
- See all versions
- Short URL
- https://ia.cr/2023/725
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/725,
author = {Christof Beierle and Patrick Felke and Gregor Leander and Patrick Neumann and Lukas Stennes},
title = {On Perfect Linear Approximations and Differentials over Two-Round {SPNs}},
howpublished = {Cryptology {ePrint} Archive, Paper 2023/725},
year = {2023},
url = {https://eprint.iacr.org/2023/725}
}
