Paper 2023/725
On Perfect Linear Approximations and Differentials over Two-Round SPNs
Abstract
Recent constructions of (tweakable) block ciphers with an embedded cryptographic backdoor relied on the existence of probability-one differentials or perfect (non-)linear approximations over a reduced-round version of the primitive. In this work, we study how the existence of probability-one differentials or perfect linear approximations over two rounds of a substitution-permutation network can be avoided by design. More precisely, we develop criteria on the s-box and the linear layer that guarantee the absence of probability-one differentials for all keys. We further present an algorithm that makes it possible to efficiently exclude the existence of keys for which there exists a perfect linear approximation.
Metadata
- Category
- Secret-key cryptography
- Publication info
- A major revision of an IACR publication in CRYPTO 2023
- Keywords
- differential cryptanalysis, linear cryptanalysis, decomposition, boomerang connectivity table, weak keys
- Contact author(s)
- christof beierle @ rub de
- patrick felke @ hs-emden-leer de
- gregor leander @ rub de
- patrick neumann @ rub de
- lukas stennes @ rub de
- History
- 2023-05-22: approved
- 2023-05-19: received
- Short URL
- https://ia.cr/2023/725
- License
- CC BY
BibTeX
@misc{cryptoeprint:2023/725,
  author = {Christof Beierle and Patrick Felke and Gregor Leander and Patrick Neumann and Lukas Stennes},
  title = {On Perfect Linear Approximations and Differentials over Two-Round {SPNs}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2023/725},
  year = {2023},
  url = {https://eprint.iacr.org/2023/725}
}