• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

Practical Security Evaluation against Differential and Linear Cryptanalyses for the Lai-Massey Scheme with an SPS F-function

Vol. 8, No.10, October 31, 2014
10.3837/tiis.2014.10.020, Download Paper (Free):

Abstract

At SAC 2004, Junod and Vaudenay designed the FOX family based on the Lai-Massey scheme. They noted that it was impossible to find any useful differential characteristic or linear trail after 8 rounds of FOX64 or FOX128. In this paper, we provide the lower bound of differentially active S-boxes in consecutive rounds of the Lai-Massey scheme that has SPS as its F-function, and we propose the necessary conditions for the reachability of the lower bound. We demonstrate that similar results can be obtained with respect to the lower bound of linearly active S-boxes by proving the duality in the Lai-Massey scheme. Finally, we apply these results to FOX64 and FOX128 and prove that it is impossible to find any useful differential characteristics or linear trail after 6 rounds of FOX64. We provide a more precise security bound for FOX128.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
Lishi Fu and Chenhui Jin, "Practical Security Evaluation against Differential and Linear Cryptanalyses for the Lai-Massey Scheme with an SPS F-function," KSII Transactions on Internet and Information Systems, vol. 8, no. 10, pp. 3624-3637, 2014. DOI: 10.3837/tiis.2014.10.020

[ACM Style]
Fu, L. and Jin, C. 2014. Practical Security Evaluation against Differential and Linear Cryptanalyses for the Lai-Massey Scheme with an SPS F-function. KSII Transactions on Internet and Information Systems, 8, 10, (2014), 3624-3637. DOI: 10.3837/tiis.2014.10.020