Proving the Security of AES Substitution-Permutation Network

In this paper we study the substitution-permutation network (SPN) on which Rijndael is based. We introduce Rijndael*, an SPN identical to Rijndael except that fixed S-boxes are replaced by random and independent permutations. We prove that this construction resists linear and differential cryptanalysis with 4 inner rounds only, despite the huge cumulative effect of multipath characteristics that is induced by the symmetries of Rijndael. We show that the DP and LP terms both tend towards 1/(2^128 - 1) very fast when the number of rounds increases. This proves a conjecture by Keliher, Meijer, and Tavares. We further show that Rijndael* is immune to any iterated attack of order 1 after 10 rounds only, which substantially improves a previous result by Moriai and Vaudenay.


Published in:
Selected Areas in Cryptography, 12th International Workshop, SAC 2005, 3897, 65-81
Presented at:
Selected Areas in Cryptography, 12th International Workshop, SAC 2005, Kingston, ON, Canada, August 11-12, 2005
Year:
2005




 Record created 2006-07-14, last modified 2018-03-17
