Abstract
Differential cryptanalysis is a method of attacking iterated mappings based on differences known as characteristics. The probability of a given characteristic is derived from the XOR tables associated with the iterated mapping. If $\pi: \mathbb{Z}_2^m \to \mathbb{Z}_2^m$ is a mapping, then for each $\Delta X, \Delta Y \in \mathbb{Z}_2^m$ the XOR table for $\pi$ gives the number of input pairs $X, X'$ of difference $\Delta X = X + X'$ for which $\pi(X) + \pi(X') = \Delta Y$.
The complexity of a differential attack depends upon two properties of the XOR tables: the density of zero entries in the table, and the size of the largest entry in the table. In this paper we present the first results on the expected values of these properties for a general class of mappings $\pi$. We prove that if $\pi: \mathbb{Z}_2^m \to \mathbb{Z}_2^m$ is a bijective mapping, then the expected size of the largest entry in the XOR table for $\pi$ is bounded by $2m$, while the fraction of the XOR table that is zero approaches $e^{-1/2} \approx 0.60653$. We are then able to demonstrate that there are easily constructed classes of iterated mappings for which the probability of a differential-like attack succeeding is very small.
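The following is an added example, not code from the paper: it builds the XOR table of a bijective mapping on $m$ bits and measures the two properties the abstract names (fraction of zero entries, largest entry) so they can be compared against the stated bounds $2m$ and $e^{-1/2}$. The sample mapping is a seeded random permutation (an assumption of this example), with the identity map as a degenerate contrast.

```python
# Added example (not from the paper): XOR table of a bijective mapping
# pi: Z_2^m -> Z_2^m, plus the zero-density and largest-entry statistics.
import math
import random


def xor_table(sbox):
    """Return T with T[dx][dy] = #{X : sbox[X] ^ sbox[X ^ dx] == dy}."""
    n = len(sbox)
    assert n & (n - 1) == 0, "domain size must be a power of two"
    assert sorted(sbox) == list(range(n)), "mapping must be a bijection"
    table = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            dy = sbox[x] ^ sbox[x ^ dx]  # pi(X) + pi(X') with X' = X + dX
            table[dx][dy] += 1
    return table


def xor_table_stats(table):
    """Fraction of zero entries and largest entry over the rows dx != 0.

    The dx = 0 row is trivially (2^m, 0, ..., 0) and carries no
    information for a characteristic, so it is excluded from both figures.
    """
    n = len(table)
    rows = table[1:]
    zeros = sum(row.count(0) for row in rows)
    largest = max(max(row) for row in rows)
    return zeros / ((n - 1) * n), largest


def random_bijection(m, seed=0):
    """A uniformly random permutation of Z_2^m (fixed seed so runs repeat)."""
    perm = list(range(1 << m))
    random.Random(seed).shuffle(perm)
    return perm


if __name__ == "__main__":
    m = 8
    zero_frac, largest = xor_table_stats(xor_table(random_bijection(m)))
    print(f"m={m}: zero fraction {zero_frac:.4f} (e^-1/2 = {math.exp(-0.5):.5f}),"
          f" largest entry {largest} (bound 2m = {2 * m})")
    # The identity map is the worst case: a single entry of 2^m in every row,
    # so every nonzero characteristic it admits holds with probability 1.
    print("identity, m=3:", xor_table_stats(xor_table(list(range(8)))))
```

For a random 8-bit bijection the zero fraction lands close to 0.6065 and the largest entry well under 16, whereas the identity map shows the opposite extreme of a 7/8 zero fraction paired with a maximal entry of 8.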
Communicated by Adi Shamir
The author is presently employed by the Distributed System Technology Center, Brisbane, Australia.
O'Connor, L. On the distribution of characteristics in bijective mappings. J. Cryptology 8, 67–86 (1995). https://doi.org/10.1007/BF00190756