Type-Preserving Matrices and Security of Block Ciphers
Riccardo Aragona, Alessio Meneghetti

TL;DR
This paper introduces the Non-Type-Preserving property for mixing layers in block ciphers, gives necessary and sufficient conditions on the structure of the associated binary matrix, shows that the mixing layers of well-known ciphers have it, and links it to the primitivity of the group generated by the round functions, which protects against algebraic attacks based on imprimitivity.
Contribution
It defines the Non-Type-Preserving property, characterizes its structure, and shows its application in ensuring the primitivity of the group generated by cipher round functions.
Findings
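Several families of linear maps, including the mixing layers of AES, GOST and PRESENT, are Non-Type-Preserving.
For an SPN cipher whose key mixing function is addition modulo a power of 2, a mixing layer with this property ensures that the group generated by the round functions is primitive.
The definition of a GOST-like cipher is generalised to use a Non-Type-Preserving matrix as mixing layer, with invertibility of the S-Boxes as the only assumption.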
Abstract
We provide a new property, called Non-Type-Preserving, for a mixing layer which guarantees protection against algebraic attacks based on the imprimitivity of the group generated by the round functions. Our main result is to present necessary and sufficient conditions on the structure of the binary matrix associated to the mixing layer, so that it has this property. Then we show how several families of linear maps are Non-Type-Preserving, including the mixing layers of AES, GOST and PRESENT. Finally we prove that the group generated by the round functions of an SPN cipher with addition modulo a power of 2 as key mixing function is primitive if its mixing layer satisfies this property. Moreover we generalise the definition of a GOST-like cipher using a Non-Type-Preserving matrix as mixing layer and we show, under the only assumption of invertibility of the S-Boxes, that the corresponding…
