Substitution-Permutation Network
Substitution Permutation Network ( SPN ) is a design principle for block ciphers . An example of a substitution-permutation network is the Advanced Encryption Standard .
description
A substitution-permutation network consists of a number of rounds of the same structure. In each round a round key is added to the input first. Then the result is divided into several blocks and each block is replaced by another block using the substitution box (S-Box). These blocks are in turn mixed by a permutation box (P box).
In the last round, the P-box can be omitted because it can be trivially calculated from the result by anyone. For this, it makes sense to add a round key to the result again to prevent the substitutions from being easily deducted.
properties
An SPN design has good diffusion and confusion because if one bit of the plaintext or key changes, several bits of the output of the S-box change, which are then distributed through the P-box to different S-boxes of the next round. With AES-128, for example, a change in an input bit within two rounds causes a change in every byte of the output.
In contrast to Feistel ciphers , substitution-permutation networks are generally not reversible by simply rearranging the key, since the S-box is not self-inverse. In return, they allow a higher degree of parallel processing.
Individual evidence
- ↑ Bart Preneel, Vincent Rijmen and Antoon Bosselaers: Algorithm Alley . 1998, Design Principles for Cryptographic Algorithms ( drdobbs.com ).