This preview shows page 1. Sign up to view the full content.
Unformatted text preview: with higherorder differential cryptanalysis. Who knows? Previous Table of Contents Next Products  Contact Us  About Us  Privacy  Ad Info  Home Use of this site is subject to certain Terms & Conditions, Copyright © 19962000 EarthWeb Inc. All rights reserved. Reproduction whole or in part in any form or medium without express written permission of EarthWeb is prohibited. Read EarthWeb's privacy statement. To access the contents, click the chapter and section titles. Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C (cloth)
Go!
Keyword
Brief Full Advanced Search Search Tips (Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96 Search this book:
Go! Previous Table of Contents Next
 12.5 The Real Design Criteria
After differential cryptanalysis became public, IBM published the design criteria for the Sboxes and the Pbox [373,374]. The criteria for the Sboxes are: — Each Sbox has 6 input bits and 4 output bits. (This was the largest size that could be accommodated in a single chip with 1974 technology.) — No output bit of an Sbox should be too close to a linear function of the input bits. — If you fix the leftmost and rightmost bits of an Sbox and vary the 4 middle bits, each possible 4bit output is attained exactly once. — If two inputs to an Sbox differ in exactly 1 bit, the outputs must differ in at least 2 bits. — If two inputs to an Sbox differ in the 2 middle bits exactly, the outputs must differ in at least 2 bits. — If two inputs to an Sbox differ in their first 2 bits and are identical in their last 2 bits, the two outputs must not be the same. — For any nonzero 6bit difference between inputs, no more than 8 of the 32 pairs of inputs exhibiting that difference may result in the same output difference. — A criterion similar to the previous one, but for the case of three active Sboxes. The criteria for the Pbox are: — The 4...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details