Proving the Security of AES Substitution-Permutation Network

In this paper we study the substitution-permutation network (SPN) on which Rijndael is based. We introduce Rijndael*, a SPN identical to Rijndael except that fixed S-boxes are replaced by random and independent permutations. We prove that this construction resists linear and differential cryptanalysis with 4 inner rounds only, despite the huge cumulative effect of multipath characteristics that is induced by the symmetries of Rijndael. We show that the DP and LP terms both tend towards 1/(2<sup>128</sup>-1) very fast when the number of round increases. This proves a conjecture by Keliher, Meijer, and Tavares. We further show that Rijndael* is immune to any iterated attack of order 1 after 10 rounds only, which substantially improves a previous result by Moriai and Vaudenay.

Published in:
Selected Areas in Cryptography, 12th International Workshop, SAC 2005, 3897, 65-81
Presented at:
Selected Areas in Cryptography, 12th International Workshop, SAC 2005, Kingston, ON, Canada, August 11-12, 2005
Other identifiers:

Note: The status of this file is: Anyone

 Record created 2006-07-14, last modified 2020-07-30

Download fulltextPDF
External link:
Download fulltextURL
Rate this document:

Rate this document:
(Not yet reviewed)