## Abstract

Is it possible that a block cipher apparently immune to classical differential cryptanalysis can be attacked considering a different operation on the message space? Recently Calderini and Sala showed how to effectively compute alternative operations on a vector space which can serve as message space for a block cipher such that the resulting structure is still a vector space. The latter were used to mount a linearisation attack against a toy cipher. Here we investigate how alternative operations interact with the layers of a substitution–permutation network and show how they influence the differential probabilities, when the difference taken into consideration is different from the usual bit-wise addition modulo two. Furthermore, we design a block cipher which appears to be secure with respect to classical differential cryptanalysis, but weaker with respect to our attack which makes use of alternative operations.

Original language | English |
---|---|

Pages (from-to) | 225–247 |

Number of pages | 23 |

Journal | DESIGNS CODES AND CRYPTOGRAPHY |

Volume | 87 |

DOIs | |

Publication status | Published - 12 Jul 2018 |

MoE publication type | A1 Journal article-refereed |

## Keywords

- Alternative operations
- Block ciphers
- Differential cryptanalysis
- Distinguisher