# Provable Security Against Differential Cryptanalysis

@inproceedings{Nyberg1992ProvableSA, title={Provable Security Against Differential Cryptanalysis}, author={Kaisa Nyberg and Lars Ramkilde Knudsen}, booktitle={CRYPTO}, year={1992} }

The purpose of this paper is to show that there exist DES-like iterated ciphers, which are provably resistant against differential attacks. The main result on the security of a DES-like cipher with independent round keys is Theorem 1, which gives an upper bound to the probability of r-round differentials, as defined in [3] and this upper bound depends only on the round function of the iterated cipher. Moreover, it is shown that there exist functions such that the probabilities of differentials…

## 215 Citations

Provable Security for the Skipjack-like Structure against Differential Cryptanalysis and Linear Cryptanalysis

- Mathematics, Computer Science
- ASIACRYPT
- 2000

The main result of this paper is that the r-round (r ≥ 15) differential probabilities are bounded by p^4 if the maximum differential probability of a round function is p, and that an impossible differential of this structure does not exist if r ≥ 16.

New Structure of Block Ciphers with Provable Security against Differential and Linear Cryptanalysis

- Computer Science, Mathematics
- FSE
- 1996

We introduce a methodology for designing block ciphers with provable security against differential and linear cryptanalysis. It is based on three new principles: change of the location of round…

Resistance Against General Iterated Attacks

- Mathematics, Computer Science
- EUROCRYPT
- 1999

The main theorem makes it possible to prove the security against iterated attacks of order d of some recently proposed block ciphers, COCONUT98 and PEANUT98, as well as the AES candidate DFC.

Toward Provable Security of Substitution-Permutation Encryption Networks

- Computer Science, Mathematics
- Selected Areas in Cryptography
- 1998

Investigating some security properties of basic substitution-permutation encryption networks by studying the nonlinearity distribution and the XOR table distribution provides some evidence that a basic SPN converges to a randomly generated s-box with the same dimensions as the SPN after a sufficient number of rounds.

Seven New Block Cipher Structures with Provable Security against Differential Cryptanalysis

- Mathematics, Computer Science
- IEICE Trans. Fundam. Electron. Commun. Comput. Sci.
- 2008

This paper introduces seven new block cipher structures, named Feistel-variant A, B, CLEFIA and MISTY-FO-variants A, B, C, D structures, and shows that these structures are provably resistant against differential cryptanalysis.

Provable Security for Block Ciphers by Decorrelation

- Computer Science, Mathematics
- STACS
- 1998

A new way of protecting block ciphers against classes of attacks (including differential and linear cryptanalysis) is investigated; it is based on the notion of decorrelation, which is fairly connected to Carter-Wegman's notion of universal functions.

Provable Security Against Differential Attacks for Generalized SPN Structures

- Computer Science, Mathematics
- Proceedings of the 2019 International Conference on Computer, Network, Communication and Information Systems (CNCI 2019)
- 2019

This work proves that the SPN structure with an extended diffusion layer provides a provable security against differential attack and linear attack and gives the first security evaluation for some SPS structures with the matrix over GF(2) against differential attack.

Provable Security against Differential and Linear Cryptanalysis for the SPN Structure

- Mathematics, Computer Science
- FSE
- 2000

This work proves that the SPN structure with a maximal diffusion layer provides a provable security against differential cryptanalysis and linear cryptanalysis in the sense that the probability of each differential is bounded by p^n, where p (respectively q) is the maximum differential probability of n S-boxes used in the substitution layer.

A Note on the Higher Order Differential Attack of Block Ciphers with Two-Block Structures

- Mathematics, Computer Science
- ICISC
- 2000

It is proved that in the case of a 4-round encryption function, these three types provide an equal strength against higher order differential attack and that in the case of 5 or more rounds, R-type is weaker than C-type and L-type, and it is shown that these facts also hold similarly for probabilistic higher order differential attack.

Block Ciphers - A Survey

- Computer Science, Mathematics
- State of the Art in Applied Cryptography
- 1997

This paper gives a short overview of the state of the art of secret key block ciphers, namely for encryption, and focuses on the main application of block ciphers for encryption.

## References

Markov Ciphers and Differential Cryptanalysis

- Computer Science, Mathematics
- EUROCRYPT
- 1991

It is shown that PES(8) and PES(16) are immune to differential cryptanalysis after sufficiently many rounds, and a new design principle for Markov ciphers, viz., that their transition probability matrices should not be symmetric, is suggested.

Differential Cryptanalysis of the Full 16-Round DES

- Computer Science, Mathematics
- CRYPTO 1992
- 1992

The first known attack is developed which is capable of breaking the full 16-round DES in less than the 2^55 complexity of exhaustive search and can be carried out in parallel on up to 2^33 disconnected processors with linear speedup.

Public Quadratic Polynomial-Tuples for Efficient Signature-Verification and Message-Encryption

- Computer Science, Mathematics
- EUROCRYPT
- 1988

It is shown that for C* it is practically infeasible to extract the n-tuple of n-variate polynomials representing the inverse of the corresponding public key.

Nonlinearity Criteria for Cryptographic Functions

- Mathematics, Computer Science
- EUROCRYPT
- 1989

Nonlinearity criteria for Boolean functions are classified in view of their suitability for cryptographic design and two criteria turn out to be of special interest, the distance to linear structures and the distance to affine functions, which are shown to be invariant under all affine transformations.

Perfect Nonlinear S-Boxes

- Mathematics, Computer Science
- EUROCRYPT
- 1991

A perfect nonlinear S-box is a substitution transformation with evenly distributed directional derivatives and the number of input variables is at least twice the number of output variables.

On the Construction of Highly Nonlinear Permutations

- Computer Science, Mathematics
- EUROCRYPT
- 1992

The substitution boxes of DES are relatively small in dimension and they can be generated by testing randomly chosen functions for required design criteria, but when the dimensions grow larger, analytic construction methods become necessary.

Public quadratic polynomial-tuples for efficient signature-verification and message-encryption. Advances in Cryptology - Eurocrypt '88

- Finite Fields. Encyclopedia of Mathematics and its applications,
- 1983