E. Biham and A. Shamir, "Di#erential Cryptanalysis of DES-like Cryptosystems," Journal of Cryptology, Vol. 4, No. 1, 1991, pp. 3--72.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....In this paper, many cases of these cipher structures will be analyzed for their hardware complexities and performances. 2 Background 2. 1 Properties of S boxes The properties of the S boxes in a cipher are important in the consideration of a cipher s security against di#erential cryptanalysis [8] and linear cryptanalysis [9] An mn S box, S, performs a mapping from an m bit input X to an n bit output Y . Considering all S boxes, S , in a cipher, the maximum di#erential probability p s is defined as: p s = max #X #=0,#Y prob S i (X) S i (X ##X) #Y where # denotes a ....

E. Biham and A. Shamir, "Di#erential cryptanalysis of DES-like cryptosystems", Advances in Cryptology - CRYPTO '90 , Lecture Notes in Computer Science 537, pp. 2-21. Springer-Verlag, 1991.

....(SPN) In such a cipher, a Substitution box (S box) achieves confusion by performing substitution on a small subblock. An nm S box refers to a mapping from an input of n bits to an output of m bits. An S box is expected to be nonlinear and resistant to cryptanalyses such as di#erential attacks [2] and linear attacks [3] In recently proposed SPN based block ciphers (e.g. Rijndael [4] Hierocrypt [5] Anubis [6] and Khazad [7] permutations between layers of S boxes have been replaced by linear transformations in the form of mappings based on Maximum Distance Separable (MDS) codes to ....

.... elements in the input and output when the input elements are not all zero [11] It is desirable that a linear transformation has a high branch number when it is used after a layer of S boxes in a block cipher, in order for there to be low probabilities for di#erential and linear characteristics [2, 3]. A mapping based on a (2k, k, k 1) code has an optimal branch number of k 1. 2.2 Bit Parallel Multipliers An MDS mapping can be regarded as matrix multiplication in a Galois field. Since the generation matrix is constant, each element in the encoded message is the XOR of several outputs of ....

E. Biham and A. Shamir, "Di#erential cryptanalysis of DES-like cryptosystems", Advances in Cryptology - CRYPTO '90 , Lecture Notes in Computer Science 537, pp. 2-21. Springer-Verlag, 1991.

No context found.

E. Biham and A. Shamir, "Di#erential Cryptanalysis of DES-like Cryptosystems," Journal of Cryptology, Vol. 4, No. 1, 1991, pp. 3--72.

No context found.

E. Biham and A. Shamir, "Di#erential Cryptanalysis of DES-like Cryptosystems," Journal of Cryptology, Vol. 4, No. 1, 1991, pp. 3--72.

No context found.

E. Biham, A. Shamir, "Di#erential Cryptanalysis of DES-like Cryptosystems", in Advances in Cryptology -- Crypto'90, LNCS 537, pp. 2-21, Springer-Verlag, 1991.

No context found.

E. Biham and A. Shamir, "Di#erential Cryptanalysis of DES-like Cryptosystems," Journal of Cryptology, Vol. 4, No. 1, 1991, pp. 3--72.

No context found.

E. Biham, A. Shamir, "Di#erential Cryptanalysis of DES-like Cryptosystems," Crypto '90 (A. Menezes, S. A. Vanstone, eds.), vol. 537 of LNCS, pp. 2-21, Springer-Verlag, 1991.

No context found.

E. Biham and A. Shamir, "Di#erential cryptanalysis of DES-like cryptosystems," in Menezes and Vanstone [91], pp. 2--21.

No context found.

E. Biham, A. Shamir, "Di#erential Cryptanalysis of DES-like Cryptosystems", in Advances in Cryptology -- Crypto'90, LNCS 537, pp. 2-21, Springer-Verlag, 1991.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC