This paper considers iterated ciphers and their resistance against linear and differential cryptanalysis. In the theory of these attacks one assumes independence of the round keys in the ciphers. Very often though, the round keys are computed in a key schedule algorithm from a short key in a nonrandom fashion. In this paper it is shown by experiments that ciphers with complex key schedules resist both attacks better than ciphers with more straightforward key schedules. It is well-known that by assuming independent round keys the probabilities of differentials and linear hulls can be modeled by Markov chains and that for most such ciphers the distribution of the probabilities of these converge to the uniform distribution after some number of rounds. The presented experiments illustrate that some iterated ciphers with very simple key schedules will never reach this uniform distribution. Also the experiments show that ciphers with well-designed, complex key schedules reach the uniform distribution faster (using fewer rounds) than ciphers with poorly designed key schedules. As a side result it was found that there exist ciphers for which the differential of the highest probability for one fixed key is also the differential of the highest probability for any other key. It is believed that this is the first such example provided in the literature.
展开▼
