Skip to Main content Skip to Navigation

Weakness of Block Ciphers Using Highly Nonlinear Confusion Functions

Anne Canteaut 1 Marion Videau 1
1 CODES - Coding and cryptography
Inria Paris-Rocquencourt
Abstract : The level of security of an iterated block cipher is mainly quantified in terms of resistance against known attacks. In particular the resistance against the two main generic attacks, the linear and the differential ones has been formalized in terms of «provable security» which lies on some properties of the confusion functions used in the system. It demands especiall- y that these functions have a high nonlinearity. However such a property implies in the case of almost bent functions, that the Walsh spectrum is divisible by a high power of 2. We show how this provides a new upper bound for the degree of the product of Boolean components of an almost bent function. This result leads to a higher order differential attack on any 5-round Feistel cipher using an almost bent function as a round function. We also show that it is precisely the origin of the weakness of MISTY1 allowing a 7-th order differential attack.
Document type :
Complete list of metadata
Contributor : Rapport de Recherche Inria Connect in order to contact the contributor
Submitted on : Tuesday, May 23, 2006 - 8:08:16 PM
Last modification on : Friday, January 21, 2022 - 3:18:54 AM
Long-term archiving on: : Sunday, April 4, 2010 - 10:59:06 PM


  • HAL Id : inria-00072221, version 1



Anne Canteaut, Marion Videau. Weakness of Block Ciphers Using Highly Nonlinear Confusion Functions. [Research Report] RR-4367, INRIA. 2002. ⟨inria-00072221⟩



Les métriques sont temporairement indisponibles