Substitution-Permutation networks: SPN Definition A substitution-permutation(SP)network is a product cipher composed of a number of stages each nvolving substitutions and permutations Substitution to;{01÷{01y Permutation Tp:{1,…,m}{1,…m The plaintext has Im bits X=XulI.. lIX Whe.0=(x/+1,…,X) The spn has Nr rounds, in which we perform on X m substitutionsπ s followed by one permutation兀p to get the ciphertext y
11 Substitution-Permutation Networks: SPN • Substitution pS : {0,1}l → {0,1}l • Permutation pP : {1, …,lm} → {1, …,lm} The plaintext has lm bits: x = x(1)|| . . . ||x(m) where: x(i)= (x(i-1)l+1 , . . . , xil ) The SPN has Nr rounds, in which we perform on x m substitutions pS followed by one permutation pP , to get the ciphertext y. Definition A substitution-permutation (SP) network is a product cipher composed of a number of stages each involving substitutions and permutations
SPN algorithm31:SPN(x,丌s,丌P,(K1,,KxN1) ← for rt1 to nr-l u'twr-0kn for i t1 to m do〈dova)+丌s(( (xy,…,nrcm) eKN for讠←1tom ←7s(a ←-0reNr+1 output(y) 12
12 SPN
K K S S 13 y
13
Kerchoffs' assumption The adversary knows all details of the encrypting function except the secret key
14 Kerchoffs’ assumption The adversary knows all details of the encrypting function except the secret key
Linear and differential cryptanalysis Linear crypt tanalysis was introduced by Matsui at eurocrypt 93 as a theoretical attack on DES and later successfully used in the practical cryptanalysis of ES Differential cryptanalysis was first presented by Biham and Shamir at CRYPTo 90 to attack des 15
15 Linear and Differential cryptanalysis • Linear cryptanalysis was introduced by Matsui at EUROCRYPT ’93 as a theoretical attack on DES and later successfully used in the practical cryptanalysis of DES • Differential cryptanalysis was first presented by Biham and Shamir at CRYPTO ’90 to attack DES