Proving the Security of AES Substitution-Permutation Network

14 years 5 months ago

Download lasecwww.epfl.ch

In this paper we study the substitution-permutation network (SPN) on which AES is based. We introduce AES∗ , a SPN identical to AES except that ﬁxed S-boxes are replaced by random and independent permutations. We prove that this construction resists linear and diﬀerential cryptanalysis with 4 inner rounds only, despite the huge cumulative eﬀect of multipath characteristics that is induced by the symmetries of AES. We show that the DP and LP terms both tend towards 1/(2128 −1) very fast when the number of round increases. This proves a conjecture by Keliher, Meijer, and Tavares. We further show that AES∗ is immune to any iterated attack of order 1 after 10 rounds only, which substantially improves a previous result by Moriai and Vaudenay.

Thomas Baignères, Serge Vaudenay

Real-time Traffic

Construction Resists Linear | Huge Cumulative Eﬀect | SACRYPT 2005 | Substitution-permutation Network |

claim paper

Post Info
More Details (n/a)

Added	28 Jun 2010
Updated	28 Jun 2010
Type	Conference
Year	2005
Where	SACRYPT
Authors	Thomas Baignères, Serge Vaudenay

Comments (0)

Sciweavers

Proving the Security of AES Substitution-Permutation Network

Construction Resists Linear | Huge Cumulative Eﬀect | SACRYPT 2005 | Substitution-permutation Network |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers