Some other mechanisms may also contribute to the probability of the two-round characteristic; they correspond to generation of the differences $\Delta_4$ at the output of the operation $G$ (Case 5). Besides, due to the use of the mutually inverse CP boxes $P_{32/80}$ and $P^{-1}_{32/80}$, there are possible significantly contributing cases when the box $P_{32/80}$ generates an additional pair of active bits and the box $P^{-1}_{32/80}$ annihilates this pair of active bits (Case 6).
Probability $p_2^{(i,i+1)} = \Pr(\Delta_{2|i,i+1} / \delta_{1|i})$ can be calculated considering the avalanche effect corresponding to the operation $G$. Each input bit $l_i$ of $G$ influences several output bits $y_i$ (except the 32nd input bit, which influences only the 32nd output bit). The following formulas describe the avalanche caused by inverting the bit $l_i$ ($3 \le i \le 32$):

$$\Pr(\Delta y_i = 1 / \Delta l_i = 1) = 1,$$

$$\Pr(\Delta y_{i+1} = 1 / \Delta l_i = 1) = 1,$$

$$\Pr(\Delta y_{i+k} = 1 / \Delta l_i = 1) = 1/2, \quad \text{for } k = 2, 3, 4, 5; \; i + k \le 32.$$
One can see that alteration of the input bit $l_i$, where $3 \le i \le 27$, causes deterministic alteration of two output bits $y_i$ and $y_{i+1}$ and probabilistic alteration of the output bits $y_{i+2}$, $y_{i+3}$, $y_{i+4}$, $y_{i+5}$, which change with probability $p = 0.5$. Note that for $i = 1, 2$ alteration of $l_i$ causes deterministic alteration of three output bits $y_i$, $y_{i+1}$, and $y_{i+3}$. When passing through the operation $G$ the difference $\Delta_{1|i}$ can be transformed with certain probability in the output differences $\Delta_2$, $\Delta_3$, ..., $\Delta_6$.
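The avalanche formulas above can be evaluated exactly. The following is an added example, not code from the original text: it computes the probability that only $y_i$ and $y_{i+1}$ change and the distribution of the number of active output bits for a one-bit input difference. The function names are hypothetical, the code covers only $3 \le i \le 32$, and it assumes the probabilistic bits flip independently, which the text does not state.

```python
from fractions import Fraction
from itertools import product

N = 32  # width of the input and output words of G


def avalanche(i):
    """Output positions affected by inverting input bit l_i (formulas for 3 <= i <= 32)."""
    if not 3 <= i <= N:
        raise ValueError("the stated formulas cover 3 <= i <= 32 only")
    det = [j for j in (i, i + 1) if j <= N]             # change with probability 1
    prob = [i + k for k in (2, 3, 4, 5) if i + k <= N]  # change with probability 1/2
    return det, prob


def weight_distribution(i):
    """Pr(output difference has h active bits) for a one-bit input difference at l_i.

    Assumption (not from the text): the probabilistic bits flip independently.
    """
    det, prob = avalanche(i)
    dist = {}
    for flips in product((0, 1), repeat=len(prob)):
        h = len(det) + sum(flips)
        dist[h] = dist.get(h, Fraction(0)) + Fraction(1, 2 ** len(prob))
    return dist


def p2(i):
    """Probability that exactly y_i and y_{i+1} change, i.e. a two-bit output difference."""
    det, prob = avalanche(i)
    if len(det) < 2:
        return Fraction(0)  # i = 32: only y_32 changes, no two-bit difference
    return Fraction(1, 2 ** len(prob))  # every probabilistic bit must stay unchanged


if __name__ == "__main__":
    for i in (3, 27, 28, 31, 32):
        dist = {h: str(p) for h, p in sorted(weight_distribution(i).items())}
        print(f"i={i:2d}  p2={p2(i)}  weights={dist}")
```

Under the independence assumption the two-bit output difference has probability $2^{-4}$ for $3 \le i \le 27$, and the probability grows towards the upper positions because the condition $i + k \le 32$ removes probabilistic bits.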
Let $P(r) = \Pr\big((\Delta_0, \Delta_1) \xrightarrow{r} (\Delta_0, \Delta_1)\big)$ be the probability that the $(\Delta_0, \Delta_1)$ input difference transforms into the $(\Delta_0, \Delta_1)$ output difference when passing through $r$ rounds. Note that $\Delta_1$ denotes arbitrary difference with one active bit in the right data subblock, i.e. $\Delta_1$ denotes a batch of the one bit differences. Probability $P(2)$ of the two-round characteristic can be calculated using the following formula:

$$P(2) = 2^{-5} \sum_i p^{(i)} = 1.15 \cdot 2^{-13},$$

where $p^{(i)}$ is the probability that after the first round active bit moves to $i$th digit.
For each value $i \in \{1, 2, ..., 32\}$ we have performed the statistic test "1,000 keys and 100,000 pairs of plaintexts" including $10^8$ experiments in order to determine the experimental probability $\hat{p}^{(i)}$ that $\Delta_0$ passes the right branch of the procedure Crypt in the case when in the left data subblock we have the difference $\Delta_{1|i}$. Let $\nu_i$ be the number of such events. Then we have $\hat{p}^{(i)} = \nu_i / 10^8$. We have also calculated the probabilities $p^{(i)}$ taking into account the mechanisms of the formation of the two-round characteristic described above. For all $i$ theoretic values $p^{(i)}$ match sufficiently well the experimental ones $\hat{p}^{(i)}$. For example we have $p^{(21)} = 1.25 \cdot 2^{-9}$, $\hat{p}^{(21)} = 1.22 \cdot 2^{-9}$; $p^{(18)} = 1.5 \cdot 2^{-10}$, $\hat{p}^{(18)} = 1.62 \cdot 2^{-10}$; $p^{(17)} = 1.0 \cdot 2^{-11}$, $\hat{p}^{(17)} = 1.11 \cdot 2^{-11}$. This demonstrates that the most important mechanisms of the formation of the two-round differential characteristic correspond to Cases 1-6.

The performed analysis has shown that 21st and 18th digits contribute to $P(2)$ about 88% and 17th digit contributes to $P(2)$ about 12%. Contribution of other digits is very small. Such strongly non-uniform dependence $p^{(i)}$ on $i$ is caused by several lacks in the structure of the extension box, the $E$ box,