Paper 2020/179

Mind the Middle Layer: The HADES Design Strategy Revisited

Nathan Keller and Asaf Rosemarin


The HADES design strategy combines the classical SPN construction with the Partial SPN (PSPN) construction, in which at every encryption round, the non-linear layer is applied to only a part of the state. In a HADES design, a middle layer that consists of PSPN rounds is surrounded by outer layers of SPN rounds. The security arguments of HADES with respect to statistical attacks use only the SPN rounds, disregarding the PSPN rounds. This allows the designers to not pose any restriction on the MDS matrix used as the linear mixing operation. In this paper we show that the choice of the MDS matrix significantly affects the security level provided by HADES designs. If the MDS is chosen properly, then the security level of the scheme against differential and linear attacks is significantly higher than claimed by the designers. On the other hand, weaker choices of the MDS allow for extremely large invariant subspaces that pass the entire middle layer without activating any non-linear operation (a.k.a. S-box). We showcase our results on the Starkad and Poseidon instantiations of HADES. For Poseidon, we significantly improve the lower bounds on the number of active S-boxes with respect to both differential and linear cryptanalysis provided by the designers -- for example, from 28 to 60 active S-boxes for the t=6 variant. For Starkad, we show that the t=24 variant proposed by the designers admits an invariant subspace of a huge size of $2^{1134}$ that passes any number of PSPN rounds without activating any S-box. Furthermore, we show that the problem can be fixed easily by replacing t with any value that is not divisible by four.

Available format(s)
Secret-key cryptography
Publication info
Published by the IACR in EUROCRYPT 2021
Partial SPNHADES designMDS matrixSTARKsFinite fields.
Contact author(s)
nathan keller27 @ gmail com
2021-09-11: revised
2020-02-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Nathan Keller and Asaf Rosemarin},
      title = {Mind the Middle Layer: The {HADES} Design Strategy Revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2020/179},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.