Document Type : Research Article


1 Department of Electrical Engineering, Isfahan (Khorasgan) Branch, Islamic Azad University, Isfahan, Iran

2 Faculty of Information Technology, Monash University, Australia


The diffusion layer plays an important role in a block cipher. Some block ciphers, such as ARIA, Camellia, and Skinny use binary matrices as diffusion layers which can be efficiently implemented in hardware and software. In this paper, the goal is to propose some new binary matrices with suitable values for the active S-boxes for R rounds. Firstly, some new $16 \times 16$ matrices are proposed whose software implementations are better than the corresponding one for the ARIA block cipher. Also, the values for the minimum active S-boxes for these matrices are greater than the corresponding values for the ARIA block cipher for $R>5$.
To design $32 \times 32$ matrices, a structure with a special form is proposed. Using this structure, a $32\times 32$ binary matrix is proposed which guarantees at least 48 active S-boxes for 8 rounds of an SPN structure with this matrix as its diffusion layer. By extending this structure, a $32\times 32$ non-binary matrix is presented which results in at least 60 active S-boxes after 8 rounds.


[1] M. Kanda, S. Moriai, K. Aoki, H. Ueda,Y. Takashima, K. Ohta, and T. Matsumoto. E2-A New 128-Bit Block Cipher. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E83-A(1):48–59, 2000.
[2] K. Aoki, T. Ichikawa, M. Kanda, M. Matsui, S. Moriai, J. Nakajima, and T. Tokita. Camellia: A 128-bit Block Cipher Suitable for Multiple Platforms-Design and Analysis. In SAC 2000, volume 2012, pages 39–56. Springer-Verlag Berlin
Heidelberg, 2001.
[3] D. Kwon, J. Kim, S. Park, S.H. Sung, Y. Sohn, J.H. Song, Y. Yeom, E-J. Yoon, S. Lee, J. Lee, S. Chee, D. Han, and J. Hong. New Block Cipher ARIA. In ICISC2003, volume 2971, pages 432–445. Springer-Verlag, 2003.
[4] Christof Beierle, J´er´emy Jean, Stefan K¨olbl, Gregor Leander, Amir Moradi, Thomas Peyrin, Yu Sasaki, Pascal Sasdrich, and Siang Meng Sim. The skinny family of block ciphers and its low-latency variant mantis. In Advances in Cryptology–CRYPTO 2016: 36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2016, Proceedings, Part II 36, pages 123–153. Springer, 2016.
[5] Subhadeep Banik, Andrey Bogdanov, Takanori Isobe, Kyoji Shibutani, Harunaga Hiwatari, Toru Akishita, and Francesco Regazzoni. Midori: A block cipher for low energy. In Advances in Cryptology–ASIACRYPT 2015: 21st International Conference on the Theory and Application of Cryptology and Information Security, Auck-land, New Zealand, November 29–December 3, 2015, Proceedings, Part II 21, pages 411–436. Springer, 2015.
[6] B. Koo, H. Jang, and J. Song. On constructing of a 32 * 32 binary matrix as a diffusion layer for a 256-bit block cipher. In ICISC2006, volume 4296, pages 51–64. Springer-Verlag, 2006.
[7] Muharrem Tolga Sakallı, Sedat Akleylek, Bora Aslan, Ercan Bulu¸s, and Fatma B¨uy¨uksara¸co˘glu Sakallı. On the construction of and binary matrices with good implementation properties for lightweight block ciphers and hash functions. Mathematical Problems in Engineering, 2014.
[8] M. Matsui. Linear Cryptanalysis Method for DES Cipher. In EUROCRYPT’93, volume 765, pages 386–397. Springer-Verlag, 1993.
[9] E. Biham and A. Shamir. Differential Cryptanalysis of DES-like Cryptosystems. In CRYPTO’90, volume 537, pages 2–21. Springer-Verlag, 1990.
[10] J. Daemen. Cipher and Hash Function Design Strategies Based on Linear and Differential Cryptanalysis. PhD thesis, Elektrotechniek Katholieke Universiteit Leuven, Belgium, 1995.
[11] Mahdi Sajadieh, Arash Mirzaei, Hamid Mala, and Vincent Rijmen. A new counting method to bound the number of active s-boxes in rijn-dael and 3d. Designs, Codes and Cryptography, 83:327–343, 2017.
[12] Hongjun Wu. The hash function jh. Submission to NIST (round 3), 6, 2011.
[13] J. Daemen and V. Rijmen. The Design of Rijndael: AES - The Advanced Encryption Standard. Springer-Verlag, 2002.