Paper 2005/321

Exact Maximum Expected Differential and Linear Probability for 2-Round Advanced Encryption Standard (AES)

Liam Keliher and Jiayuan Sui

Abstract

Provable security of a block cipher against differential~/ linear cryptanalysis is based on the \emph{maximum expected differential~/ linear probability} (MEDP~/ MELP) over $T \geq 2$ core rounds. Over the past few years, several results have provided increasingly tight upper and lower bounds in the case $T=2$ for the Advanced Encryption Standard (AES). We show that the \emph{exact} value of the 2-round MEDP~/ MELP for the AES is equal to the best known lower bound: $53/2^{34} \approx 1.656 \times 2^{-29}$~/ $109,953,193/2^{54} \approx 1.638 \times 2^{-28}$. This immediately yields an improved upper bound on the AES MEDP~/ MELP for $T \geq 4$, namely $\left( 53/2^{34} \right)^4 \approx 1.881 \times 2^{-114}$~/ $\left( 109,953,193/2^{54} \right)^4 \approx 1.802 \times 2^{-110}$.

Note: Revision to fix problem with PS file. Content unchanged.

Metadata
Available format(s)
PDF PS
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
AESRijndaelblock ciphersSPNprovable securitydifferential cryptanalysislinear cryptanalysis
Contact author(s)
lkeliher @ mta ca
History
2005-09-15: revised
2005-09-12: received
See all versions
Short URL
https://ia.cr/2005/321
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2005/321,
      author = {Liam Keliher and Jiayuan Sui},
      title = {Exact Maximum Expected Differential and Linear Probability for 2-Round Advanced Encryption Standard (AES)},
      howpublished = {Cryptology ePrint Archive, Paper 2005/321},
      year = {2005},
      note = {\url{https://eprint.iacr.org/2005/321}},
      url = {https://eprint.iacr.org/2005/321}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.