This Article 
 Bibliographic References 
 Add to: 
Avalanche Characteristics of Substitution-Permutation Encryption Networks
September 1995 (vol. 44 no. 9)
pp. 1131-1139

Abstract—This paper develops analytical models for the avalanche characteristics of a class of block ciphers usually referred to as substitution-permutation encryption networks or SPNs. An SPN is considered to display good avalanche characteristics if a one bit change in the plaintext input is expected to result in close to half the ciphertext output bits changing. Good avalanche characteristics are important to ensure that a cipher is not susceptible to statistical attacks and the strength of an SPN’s avalanche characteristics may be considered as a measure of the randomness of the ciphertext. The results presented in this paper demonstrate that the avalanche behavior of encryption networks can be improved by using larger S-boxes. As well, it is shown that increasing the diffusion properties of the S-boxes or replacing the permutations by diffusive linear transformations is effective in improving the network avalanche characteristics.

[1] National Bureau of Standards, “Data encryption standard (DES),” Federal Information Processing Standard Publication 46, 1977.
[2] W. Diffie and M. Hellman,“Exhaustive cryptanalysis of the NBS data encryption standard,” Computer, vol. 10, pp. 74-84, 1977.
[3] M.J. Wiener,“Efficient DES key search,” technical report, School of Computer Science, Carleton Univ., Ottawa, Canada, May 1994. Presented at the Rump Session of CRYPTO’93.
[4] W. Diffie and M.E. Hellman,“Privacy and authentication: An introduction to cryptography,” Proc. IEEE, vol. 67, no. 3, pp. 397-427, 1979.
[5] H.M. Heys and S.E. Tavares,“Key clustering in substitution-permutation network cryptosystems,” Workshop Selected Areas in Cryptography (SAC’94), Queen’s Univ., Kingston, Canada, May 1994.
[6] H. Feistel,“Cryptography and computer privacy,” Scientific American, vol. 228, no. 5, pp. 15-23, 1973.
[7] C.E. Shannon,“Communication theory of secrecy systems,” Bell System Technical J., vol. 28, pp. 656-715, 1949.
[8] J.B. Kam and G.I. Davida,“A structured design of substitution-permutation encryption networks,” IEEE Trans. Computers, vol. 28, no. 10, pp. 747-753, 1979.
[9] H.M. Heys and S.E. Tavares,“Substitution-permutation networks resistant to differential and linearcryptanalysis,” accepted for publication J. Cryptology, vol. 8, no. 4, 1995 (to appear).
[10] E. Biham and A. Shamir,“Differential cryptanalysis of DES-like cryptosystems,” J. Cryptology, vol. 4, no. 1, pp. 3-72, 1991.
[11] M. Matsui,“Linear cryptanalysis method for DES cipher,” Advances in Cryptology: Proc. EUROCRYPT’93, pp. 386-397,Berlin, Springer-Verlag, 1994.
[12] A. Shimizu and S. Miyaguchi,“Fast data encipherment algorithm: FEAL,” Advances in Cryptology: Proc. EUROCRYPT’87, pp. 267-278,Berlin, Springer-Verlag, 1988.
[13] L. Brown,J. Pieprzyk,, and J. Seberry,“LOKI—A cryptographic primitive for authentication and secrecyapplications,” Advances in Cryptology: Proc. AUSCRYPT’90, pp. 229-236,Berlin, Springer-Verlag, 1990.
[14] L. Brown,M. Kwan,J. Pieprzyk,, and J. Seberry,“Improving resistance to differential cryptanalysis and the redesign ofLOKI,” Advances in Cryptology: Proc. ASIACRYPT’91, pp. 36-50,Berlin, Springer-Verlag, 1993.
[15] X. Lai and J. Massey,“A proposal for a new block encryption standard,” Advances in Cryptology: Proc. EUROCRYPT’90, pp. 389-404,Berlin, Springer-Verlag, 1991.
[16] X. Lai,J. Massey,, and S. Murphy,“Markov ciphers and differential cryptanalysis,” Advances in Cryptology: Proc. EUROCRYPT’91, pp. 17-38,Berlin, Springer-Verlag, 1991.
[17] H. Feistel,W.A. Notz,, and J.L. Smith,“Some cryptographic techniques for machine-to-machine datacommunications,” Proc. IEEE, vol. 63, no. 11, pp. 1,545-1,554, 1975.
[18] A.F. Webster and S.E. Tavares,“On the design of S-boxes,” Advances in Cryptology: Proc. CRYPTO’85, pp. 523-534,Berlin, Springer-Verlag, 1986.
[19] R. Forré,“The strict avalanche criterion: Spectral properties of Boolean functionsand an extended definition,” Advances in Cryptology: Proc. CRYPTO’88, pp. 450-468,Berlin, Springer-Verlag, 1990.
[20] C.M. Adams and S.E. Tavares,“The structured design of cryptographically good S-boxes,” J. Cryptology, vol. 3, no. 1, pp. 27-41, 1990.
[21] S. Lloyd,“Counting functions satisfying a higher order strict avalanchecriterion,” Advances in Cryptology: Proc. EUROCRYPT’89, pp. 63-74,Berlin, Springer-Verlag, 1990.
[22] B. Preneel,W. Van Leekwijck,L. Van Linden,R. Govaerts,, and J. Vandewalle,“Propagation characteristics of Boolean functions,” Advances in Cryptology: Proc. EUROCRYPT’90, pp. 161-173,Berlin, Springer-Verlag, 1991.
[23] K. Kim,T. Matsumoto,, and H. Imai,“A recursive construction method of S-boxes satisfying strict avalancecriterion,” Advances in Cryptology: Proc. CRYPTO’90, pp. 545-553,Berlin, Springer-Verlag, 1991.
[24] E. Biham and A. Shamir,“Differential cryptanalysis of the full 16-round DES,” Advances in Cryptology: Proc. CRYPTO’92, pp. 487-496,Berlin, Springer-Verlag, 1993.
[25] W. Feller,An Introduction to Probability Theory and Its Applications.New York: John Wiley&Sons, Third edition, 1968.
[26] F.S. Roberts,Applied Combinatorics.Englewood Cliffs, N.J.: Prentice Hall, 1984.
[27] F. Ayoub,“The design of complete encryption networks using cryptographicallyequivalent permutations,” Computers and Security, vol. 2, pp. 261-267, 1982.
[28] E.F. Brickell,J.H. Moore,, and M.R. Purtill,“Structures in the S-boxes of DES,” Advances in Cryptology: Proc. CRYPTO’86, pp. 3-8,Berlin, Springer-Verlag, 1987.
[29] W. Meier and O. Staffelbach,“Nonlinearity criteria for cryptographic functions,” Advances in Cryptology: Proc. EUROCRYPT’89, pp. 549-562,Berlin, Springer-Verlag, 1990.

Index Terms:
Avalanche, block ciphers, cryptography, S-boxes, substitution-permutation encryption networks.
Stafford E. Tavares, Howard M. Heys, "Avalanche Characteristics of Substitution-Permutation Encryption Networks," IEEE Transactions on Computers, vol. 44, no. 9, pp. 1131-1139, Sept. 1995, doi:10.1109/12.464391
Usage of this product signifies your acceptance of the Terms of Use.