Weakness of Block Ciphers Using Highly Nonlinear Confusion Functions

Anne Canteaut 1 Marion Videau 1
1 CODES - Coding and cryptography
Inria Paris-Rocquencourt
Abstract : The level of security of an iterated block cipher is mainly quantified in terms of resistance against known attacks. In particular the resistance against the two main generic attacks, the linear and the differential ones has been formalized in terms of «provable security» which lies on some properties of the confusion functions used in the system. It demands especiall- y that these functions have a high nonlinearity. However such a property implies in the case of almost bent functions, that the Walsh spectrum is divisible by a high power of 2. We show how this provides a new upper bound for the degree of the product of Boolean components of an almost bent function. This result leads to a higher order differential attack on any 5-round Feistel cipher using an almost bent function as a round function. We also show that it is precisely the origin of the weakness of MISTY1 allowing a 7-th order differential attack.
Type de document :
[Research Report] RR-4367, INRIA. 2002
Liste complète des métadonnées

Contributeur : Rapport de Recherche Inria <>
Soumis le : mardi 23 mai 2006 - 20:08:16
Dernière modification le : vendredi 25 mai 2018 - 12:02:03
Document(s) archivé(s) le : dimanche 4 avril 2010 - 22:59:06



  • HAL Id : inria-00072221, version 1



Anne Canteaut, Marion Videau. Weakness of Block Ciphers Using Highly Nonlinear Confusion Functions. [Research Report] RR-4367, INRIA. 2002. 〈inria-00072221〉



Consultations de la notice


Téléchargements de fichiers