Linear-Differential Cryptanalysis for SPN Cipher Structure and AES

0 Introduction Substitution and permutation network (SPN) structure is one of the most widely used structures in block ciphers. The SPN structure is based on Shannon’s principles of confusion and diffusion1] and these principles are implemented through …

Linear-differential cryptanalysis for SPN cipher structure and AES

A new attack on block ciphers is introduced, which is termed linear-differential cryptanalysis. It bases the combining of linear cryptanalysis and differential cryptanalysis, and works by using linear-differential probability (LDP). Moreover, we present a new method for upper bounding the maximum linear-differential probability (MLDP) for 2 rounds of substitution permutation network (SPN) cipher structure. When our result applies to 2-round advanced encryption standard(AES), It is shown that the upper bound of MLDP is up to 1.68×2⁻¹⁹, which extends the known results for the 2-round SPN. Furthermore, when using a recursive technique, we obtain that the MLDP for 4 rounds of AES is bounded by 2⁻⁷³. Biography: WEI Yongzhuang (1976–), male, Ph. D. candidate, Lecturer of Guilin University of Electronics Technology, research direction: cryptology.