2006 | OriginalPaper | Chapter
Proving the Security of AES Substitution-Permutation Network
Authors : Thomas Baignères, Serge Vaudenay
Published in: Selected Areas in Cryptography
Publisher: Springer Berlin Heidelberg
In this paper we study the substitution-permutation network (SPN) on which AES is based. We introduce AES*, an SPN identical to AES except that the fixed S-boxes are replaced by random and independent permutations. We prove that this construction resists linear and differential cryptanalysis with only 4 inner rounds, despite the huge cumulative effect of multipath characteristics induced by the symmetries of AES. We show that the DP and LP terms both tend towards 1/(2^128 − 1) very fast as the number of rounds increases. This proves a conjecture by Keliher, Meijer, and Tavares. We further show that AES* is immune to any iterated attack of order 1 after only 10 rounds, which substantially improves a previous result by Moriai and Vaudenay.
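The following is an added example to make the "DP term" and the multipath effect concrete; it is not code from the paper and it does not model AES* itself. It assumes a toy SPN of my own choosing: an 8-bit block made of two 4-bit nibbles, each round applying two independent, uniformly random 4-bit S-boxes followed by a fixed MDS linear layer over GF(2^4) (modulus x^4 + x + 1, matrix [[1,1],[1,2]], branch number 3, in the spirit of a two-row MixColumns). With independent random S-boxes the expected DP of a random permutation is exactly 1/15 for any pair of nonzero differences, and the expected DP of the whole SPN is exactly the sum over all differential characteristics, so it can be computed as a product of sparse one-round transition matrices. The code compares that exact multipath EDP with the best single characteristic and measures how fast the DP term approaches the ideal value 1/(2^8 − 1) = 1/255, the small-block analogue of the 1/(2^128 − 1) limit stated above.

```python
"""Exact expected differential probability (EDP) of a toy AES*-like SPN.

Added example; the cipher below is an assumption made for illustration, not the
paper's AES*: 8-bit block = two 4-bit nibbles, two independent uniformly random
4-bit S-boxes per round, then a fixed MDS linear layer over GF(2^4).
"""


def gf16_mul(a, b):
    """Multiply in GF(2^4) with modulus x^4 + x + 1 (assumed choice of field)."""
    r = 0
    for _ in range(4):
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x10:
            a ^= 0x13
        b >>= 1
    return r & 0xF


def mix(hi, lo):
    """MDS linear layer (x, y) -> (x ^ y, x ^ 2*y); any nonzero input
    difference activates at least 3 nibbles across input and output."""
    return hi ^ lo, hi ^ gf16_mul(2, lo)


def expected_sbox_dp(din, dout):
    """E[DP] of a uniformly random 4-bit permutation for one difference pair:
    1 if both differences are zero, 1/15 if both are nonzero, 0 otherwise."""
    if din == 0 and dout == 0:
        return 1.0
    if din != 0 and dout != 0:
        return 1.0 / 15
    return 0.0


def round_transitions(din):
    """Sparse row of the one-round EDP matrix: {dout: EDP(din -> dout)}.
    Independence of the two S-boxes makes the row a product of per-nibble
    expectations, pushed through the (difference-preserving) linear layer."""
    hi, lo = din >> 4, din & 0xF
    row = {}
    for g_hi in (range(1, 16) if hi else (0,)):
        for g_lo in (range(1, 16) if lo else (0,)):
            p = expected_sbox_dp(hi, g_hi) * expected_sbox_dp(lo, g_lo)
            m_hi, m_lo = mix(g_hi, g_lo)
            row[(m_hi << 4) | m_lo] = p
    return row


ROWS = [round_transitions(d) for d in range(256)]


def edp_distribution(rounds, din):
    """EDP(din -> b) for every b after `rounds` rounds, i.e. the row of the
    r-th power of the one-round matrix: the sum over ALL characteristics."""
    v = {din: 1.0}
    for _ in range(rounds):
        nxt = {}
        for s, mass in v.items():
            for t, p in ROWS[s].items():
                nxt[t] = nxt.get(t, 0.0) + mass * p
        v = nxt
    return v


def edp(rounds, din, dout):
    return edp_distribution(rounds, din).get(dout, 0.0)


def best_characteristic(rounds, din, dout):
    """Probability of the single best differential characteristic (max over
    paths of the product of per-round EDPs): what a one-path analysis counts."""
    v = {din: 1.0}
    for _ in range(rounds):
        nxt = {}
        for s, mass in v.items():
            for t, p in ROWS[s].items():
                cand = mass * p
                if cand > nxt.get(t, 0.0):
                    nxt[t] = cand
        v = nxt
    return v.get(dout, 0.0)


def max_deviation_from_uniform(rounds, din):
    """Largest |EDP(din -> b) - 1/255| over nonzero b: how far the r-round
    DP term still is from the ideal-permutation value 1/(2^8 - 1)."""
    v = edp_distribution(rounds, din)
    ideal = 1.0 / 255
    return max(abs(v.get(b, 0.0) - ideal) for b in range(1, 256))


if __name__ == "__main__":
    a, b = 0x10, 0x01  # constructed sample differences: one active nibble each
    print("rounds  EDP(a->b)      best single path  max |EDP - 1/255|")
    for r in range(1, 9):
        print(f"{r:>6}  {edp(r, a, b):.6e}  {best_characteristic(r, a, b):.6e}"
              f"  {max_deviation_from_uniform(r, a):.3e}")
```

Two things to read off the table. After two rounds the exact EDP of 0x10 → 0x01 is 1/225 while the best single characteristic is 1/3375, because fifteen equally likely two-round paths (one per intermediate nibble difference) add up; with more rounds the number of paths explodes and the EDP settles at 1/255 regardless of the pair, while every individual characteristic keeps shrinking by a factor of 15 per active S-box. For this toy the distance from uniform shrinks by a constant factor per round, which is the small-scale version of the "very fast" convergence claimed for the 128-bit DP term. The LP term is handled the same way, with the expected LP of a random 4-bit permutation again equal to 1/15 and linear masks propagated through the transpose of the linear layer instead of the layer itself.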