Research On The Provable Security Of The AES-Like Structures Against Differential And Impossible Differential Cryptanalysis

Posted on: 2018-10-29 | Degree: Master | Type: Thesis
Country: China | Candidate: Q Wang | Full Text: PDF
GTID: 2348330563951168 | Subject: Military cryptography

Abstract/Summary:
The security of the block cipher AES has been widely studied in recent years. Meanwhile, since AES was designed with elegant provable security and high implementation performance, many other ciphers adopt AES-like structures in their design. Therefore, we investigate the provable security of AES-like structures against differential and impossible differential cryptanalysis, with results in four aspects:

1. We improve the existing 3D block cipher, which employs an alternating structure. In our improvement, a non-alternating structure is used to obtain better implementation performance than the original. Moreover, we prove that the new 3D structure possesses the same diffusion property and practical security against differential cryptanalysis, in terms of a reachable lower bound on the number of differentially active S-boxes. Namely, any 4-round and 2r-round (r >= 3) differential trails of the new 3D structure have at least 25 (= B_d^2) and r·B_d(B_d - 1) active S-boxes respectively, where B_d denotes the differential branch number of the MixColumns transformation.

2. For a special type of AES-like structure (with an M×M^2 state matrix, an arbitrarily chosen shifting operation that provides full diffusion within three rounds, and a MixColumns transformation using an MDS matrix), we give a simple but efficient method for counting the number of differentially active S-boxes: 2r-round (r >= 3) differential trails of any such AES-like structure have at least r·M(M+1) active S-boxes, and this lower bound is reachable under some conditions. Applying this method to the original (or new) 3D cipher and to the hash function LANE, we obtain reachable lower bounds on the number of differentially active S-boxes, both better than the existing results obtained by computer search.

3. After analyzing the algebraic properties of the AES S-box, we prove that there do not exist truncated impossible differentials longer than 4 rounds for AES, under the assumption that round keys are independent and uniformly random. Furthermore, the method and result can be extended to generalized AES-like ciphers with some limitations, giving a reachable upper bound on the length of truncated impossible differentials. Naturally, we deduce that there do not exist truncated impossible differentials longer than 6 rounds.

4. We propose a scheme for constructing an "ideal S-box cluster". By combining existing S-boxes and keys, we build a composite S-box that has not only the differential properties of an "ideal S-box cluster" but also a remarkably lower MDP (Maximum Differential Probability) than its component S-boxes. Most importantly, for SPN (Substitution-Permutation Network) block ciphers employing such S-box clusters, the upper bounds on the length of truncated impossible differentials can be proved theoretically when the S-boxes are taken into account.
Keywords/Search Tags: 3D, AES, SPN, active S-box, impossible differential, S-box cluster