Substitution-Permutation networks: sPn Definition A substitution-permutation(SP) network is a product cipher composed of a number of stages each involving substitutions and permutations Substitution Ts: 0, 1)>10, 1] Permutation Tp:{1,…,m}{1,…!m The plaintext has Im bits: X=X1l..IX where: XG=(X (-+1 The spn has Nrrounds, in which we perform on x m substitutions Ts followed by one permutation Tp, to get the ciphertext y
11 Substitution-Permutation Networks: SPN • Substitution pS : {0,1}l → {0,1}l • Permutation pP : {1, …,lm} → {1, …,lm} The plaintext has lm bits: x = x(1)|| . . . ||x(m) where: x(i)= (x(i-1)l+1 , . . . , xil ) The SPN has Nr rounds, in which we perform on x m substitutions pS followed by one permutation pP , to get the ciphertext y. Definition A substitution-permutation (SP) network is a product cipher composed of a number of stages each involving substitutions and permutations
SPN Algorithm31:SPN(x,丌s,丌P,(K1,…,KN+) for rt1 to Nr-1 ④F for i 1 to m do do va <asn(r P(1 丌P(e r u w ⊕K fori←1tom do uio ts(u(o) 6 KNr+ output(y) 12
12 SPN
K K K 13 y
13
Kerchoffs'assumption The adversary knows all details of the encrypting function except the secret key
14 Kerchoffs’ assumption The adversary knows all details of the encrypting function except the secret key
Linear and differential cryptanalysis Linear cryptanalysis was introduced by Matsui at eurocrypt 93 as a theoretical attack on des and later successfully used in the practical cryptanal ysis of des Differential cryptanalysis was first presented by Biham and Shamir at CRYPTo 90 to attack Des 15
15 Linear and Differential cryptanalysis • Linear cryptanalysis was introduced by Matsui at EUROCRYPT ’93 as a theoretical attack on DES and later successfully used in the practical cryptanalysis of DES • Differential cryptanalysis was first presented by Biham and Shamir at CRYPTO ’90 to attack DES