Fundamental Theory of Block Ciphers: Uniqueness of Representation and Implications

Our trust in cryptographic primitives is mainly based on the amount of cryptanalysis they receive. This analysis is often performed using a particular description of a primitive and the result can vary depending on the description. We find examples of this and also show when the description of an SPN-primitives is unique.

We further analyze the two arguably most important classes of attacks in symmetric-key cryptography: differential and linear ones. As we detail, the differential and linear properties used in the respective attacks can be more pronounced after two rounds than after a single one.

In addition, we generalize differential cryptanalysis to commutative cryptanalysis and show how cit can be used to find quite powerful attacks against a slightly modified variant of the block cipher Midori, as well as ones against unmodified Scream. We also discuss how to find such attacks using a trail-based approach and provide an algorithm to automate this process.

Paper