Cryptology ePrint Archive: Report 2001/033

Dual of New Method for Upper Bounding the Maximum Average Linear Hull Probability for SPNs

Liam Keliher and Henk Meijer and Stafford Tavares

Abstract: In [3], we present a new algorithm for computing an upper bound on the maximum average linear hull probability (MALHP) for the SPN symmetric cipher structure, a value required to make claims about provable security against linear cryptanalysis. This algorithm improves on existing work in that the resulting upper bound is a function of the number of encryption rounds (other upper bounds known to the authors are not), and moreover, it can be computed for an SPN with any linear transformation layer (the best previous result, that of Hong et.al [4], applies only to SPNs with highly diffusive linear transformations).

It is well known that there exists a duality between linear cryptanalysis and differential cryptanalysis which allows certain results related to one of the attacks to be translated into the corresponding results for the other attack [1,5]. Since this duality applies to our work in [3], we immediately obtain an algorithm for upper bounding the maximum average differential probability (MADP) for SPNs (required to make claims about provable security against differential cryptanalysis).

Note: In what follows, we assume familiarity with the notation and results of [3].

Category / Keywords: secret-key cryptography / SPN, maximum average differential probability, provable security, Rijndael, AES

Publication Info: Not published elsewhere

Date: received 3 May 2001, last revised 9 May 2001

Contact author: keliher at cs queensu ca

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20010515:150552 (All versions of this report)

Short URL: ia.cr/2001/033

Discussion forum: Show discussion | Start new discussion