**Dual of New Method for Upper Bounding the Maximum Average Linear Hull Probability for SPNs**

*Liam Keliher and Henk Meijer and Stafford Tavares*

**Abstract: **In [3], we present a new algorithm for computing an upper bound on
the maximum average linear hull probability (MALHP) for the SPN
symmetric cipher structure, a value required to make claims about
provable security against linear cryptanalysis. This algorithm
improves on existing work in that the resulting upper bound is a
function of the number of encryption rounds (other upper bounds
known to the authors are not), and moreover, it can be computed
for an SPN with any linear transformation layer (the best previous
result, that of Hong et.al [4], applies only to SPNs with highly
diffusive linear transformations).

It is well known that there exists a duality between linear cryptanalysis and differential cryptanalysis which allows certain results related to one of the attacks to be translated into the corresponding results for the other attack [1,5]. Since this duality applies to our work in [3], we immediately obtain an algorithm for upper bounding the maximum average differential probability (MADP) for SPNs (required to make claims about provable security against differential cryptanalysis).

Note: In what follows, we assume familiarity with the notation and results of [3].

**Category / Keywords: **secret-key cryptography / SPN, maximum average differential probability, provable security, Rijndael, AES

**Publication Info: **Not published elsewhere

**Date: **received 3 May 2001, last revised 9 May 2001

**Contact author: **keliher at cs queensu ca

**Available format(s): **Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

**Version: **20010515:150552 (All versions of this report)

**Short URL: **ia.cr/2001/033

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]