9.18 WHEN IS A PRODUCT BLOCK-CIPHER SECURE?
In LUCIFER, DES, and Rijndael, the substitution (S-box) provides the only nonlinear element in the encipherment transformation. In the 16 years various authors have studied the general design principles of strong product block-ciphers, which have been investigated since the beginning of the 1980s. Susan Landau's paper [Landau, 2004] is a very fine summary of the concepts.
will continue to denote the set of all binary n-vectors. The Hamming distance d(x, y) between two n-vectors x = (x0, x1, …, xn−1) and y = (y0, y1, …, yn−1) is the number of coordinates in which they differ.
If
where, indicates complementation, then
An S-box is Boolean function; that is, a mapping
We use the notations
n for the set of all Boolean functions on 
with values in ,- n for the set of all linear Boolean functions f(x) = a0x0 + a1x1 + ··· + an−1xn−1 where the coefficient ...
Get Computer Security and Cryptography now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
