Exact Maximum Expected Differential and Linear Probability for 2-Round Advanced Encryption Standard (AES)

Liam Keliher; Jiayuan Sui

Paper 2005/321

Exact Maximum Expected Differential and Linear Probability for 2-Round Advanced Encryption Standard (AES)

Liam Keliher and Jiayuan Sui

Abstract

Provable security of a block cipher against differential~/ linear cryptanalysis is based on the \emph{maximum expected differential~/ linear probability} (MEDP~/ MELP) over $T \geq 2$ core rounds. Over the past few years, several results have provided increasingly tight upper and lower bounds in the case $T = 2$ for the Advanced Encryption Standard (AES). We show that the \emph{exact} value of the 2-round MEDP~/ MELP for the AES is equal to the best known lower bound: $53 / 2^{34} \approx 1.656 \times 2^{- 29}$ ~/ $109, 953, 193 / 2^{54} \approx 1.638 \times 2^{- 28}$ . This immediately yields an improved upper bound on the AES MEDP~/ MELP for , namely ~/ .

Note: Revision to fix problem with PS file. Content unchanged.

Metadata

Available format(s): PDF PS
Category: Secret-key cryptography
Publication info: Published elsewhere. Unknown where it was published
Keywords: AES Rijndael block ciphers SPN provable security differential cryptanalysis linear cryptanalysis
Contact author(s): lkeliher @ mta ca
History: 2005-09-15: revised; 2005-09-12: received; See all versions
Short URL: https://ia.cr/2005/321
License: CC BY

BibTeX

@misc{cryptoeprint:2005/321,
      author = {Liam Keliher and Jiayuan Sui},
      title = {Exact Maximum Expected Differential and Linear Probability for 2-Round Advanced Encryption Standard ({AES})},
      howpublished = {Cryptology {ePrint} Archive, Paper 2005/321},
      year = {2005},
      url = {https://eprint.iacr.org/2005/321}
}