By combining conjugation and affine equivalence, we can sometimes transform a special non-linear $S$-box into a conjugate affine substitution $S_{1}$. Usually, for given $S$ and $S_{1}$, there are many different auxiliary substitutions $\varphi$. The conjugate diffusion map and XOR operation become non-linear, but by choosing an appropriate $\varphi$ we can obtain large probabilities of differentials and linear sums for the diffusion map and XOR.
For example, the AES substitution (as finite field inversion) is approximately conjugate with a bit-changing substitution. That conjugate substitution has differentials and linear sums of probability 1. The corresponding byte substitution $\varphi$ defines a non-linear conjugate diffusion map and a non-linear conjugate of the XOR operation with the round key. The probabilities of differentials (biases of linear sums) of the byte substitution of the conjugate diffusion map are 8-12 times more than the corresponding values of the original $S$-box. The probabilities of differentials of the conjugate XOR with the round key byte depend on the round key and can be 1 for some key bytes.
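The following Python sketch is an added illustration, not code from the report. It assumes the conjugation is written $S_{1} = \varphi \circ S \circ \varphi^{-1}$ and uses one constructed $\varphi$ (the report's own choice may differ) that pairs each 2-cycle of GF(2^8) inversion with a pair {2i, 2i+1}. It then counts where $S_{1}$ equals the one-bit flip $y \oplus 1$ and compares the largest difference-table entries of the two substitutions.

```python
from collections import Counter

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r

def gf_inv(x):
    """Field inverse computed as x^254; 0 maps to 0, as in AES."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, x)
    return r

def build_phi(inv):
    """Constructed phi (an assumption): send each 2-cycle {x, inv[x]} to {2i, 2i+1}."""
    phi = [None] * 256
    phi[0], phi[1] = 0, 1  # 0 and 1 are the only fixed points of inversion
    nxt = 2
    for x in range(2, 256):
        if phi[x] is None:
            phi[x], phi[inv[x]] = nxt, nxt + 1
            nxt += 2
    return phi

def conjugate(phi, s):
    """Lookup table of phi o s o phi^{-1}."""
    phi_inv = [0] * 256
    for x, y in enumerate(phi):
        phi_inv[y] = x
    return [phi[s[phi_inv[y]]] for y in range(256)]

def max_diff_count(s):
    """Largest difference-table entry over all nonzero input differences."""
    return max(max(Counter(s[x] ^ s[x ^ dx] for x in range(256)).values())
               for dx in range(1, 256))

INV = [gf_inv(x) for x in range(256)]
S1 = conjugate(build_phi(INV), INV)
AGREE = sum(S1[y] == y ^ 1 for y in range(256))  # points where S1 is the bit flip
print(AGREE, max_diff_count(INV), max_diff_count(S1))
```

Inversion fixes 0 and 1 while the bit flip has no fixed points, so the two permutations have different cycle types and exact conjugacy is impossible; this is one reading of "approximately conjugate".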
Category / Keywords: secret-key cryptography / AES, block ciphers, linear cryptanalysis

Date: received 11 Mar 2009

Contact author: rostovtsev at ssl stu neva ru

Version: 20090314:051352