Open AccessA Link Between Integrals and Higher‐Order Integrals of SPN Ciphers
Author(s) -
Li Ruilin,
Sun Bing,
Li Chao
Publication year - 2013
Publication title -
etri journal
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.295
H-Index - 46
eISSN - 2233-7326
pISSN - 1225-6463
DOI - 10.4218/etrij.13.0111.0624
Subject(s) - block cipher , linear cryptanalysis , mathematics , cryptography , cipher , order (exchange) , computer science , theoretical computer science , algorithm , encryption , computer security , finance , economics
Integral cryptanalysis, which is based on the existence of (higher‐order) integral distinguishers, is a powerful cryptographic method that can be used to evaluate the security of modern block ciphers. In this paper, we focus on substitution‐permutation network (SPN) ciphers and propose a criterion to characterize how an r ‐round integral distinguisher can be extended to an ( r +1)‐round higher‐order integral distinguisher. This criterion, which builds a link between integrals and higher‐order integrals of SPN ciphers, is in fact based on the theory of direct decomposition of a linear space defined by the linear mapping of the cipher. It can be directly utilized to unify the procedure for finding 4‐round higher‐order integral distinguishers of AES and ARIA and can be further extended to analyze higher‐order integral distinguishers of various block cipher structures. We hope that the criterion presented in this paper will benefit the cryptanalysts and may thus lead to better cryptanalytic results.