
Difference Or Linear Propagation In The Cascaded NAND

Block ciphers usually consist of the repeated application of a relatively simple round function. In so-called Feistel ciphers, like DES, this round function operates on the state divided into two equal parts, in two steps. It first applies a function F to the left part and adds the result to the right part, and then swaps the left and right parts. The function F often consists of one or more linear layers and a layer of non-linear S-boxes.

The round function of the innovative Feistel block cipher SIMON does not have S-boxes. Instead, its sole non-linear operation is a bitwise AND of two rotated instances of the left part. Despite its simplicity, this is a remarkably powerful operation. Still, we think a slightly more complex variant could have a better trade-off between implementation cost and effective non-linearity. This variant combines four rotated instances of the left part in a two-level NAND network. We call it the cascaded NAND.

When evaluating the security of a block cipher with respect to differential cryptanalysis, one needs to understand how differences propagate through its non-linear operations. These propagations are very well understood for the bitwise AND operation in SIMON. However, for the cascaded NAND, characterizing differential propagation presents quite a challenge. This thesis is about making progress in this characterization.

The type of work includes pen-and-paper analysis, writing and running code for experiments, and interpretation of their results. For all phases of the work there will be reading about difference propagation.
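The kind of experiment described above, as an added example that is not part of the original description or the project's own code: it exhaustively counts the output differences of SIMON's AND and of one possible cascaded NAND on 16-bit words. The rotation amounts 1 and 8 come from the SIMON specification; the wiring NAND(NAND(a, b), NAND(c, d)) and the offsets (1, 8, 2, 5) are assumptions, since the page does not specify them.

```python
from collections import Counter

N = 16                      # word size in bits (SIMON32 uses 16-bit words)
MASK = (1 << N) - 1

def rotl(x, r):
    """Rotate the N-bit word x left by r positions."""
    r %= N
    return ((x << r) | (x >> (N - r))) & MASK

def simon_and(x):
    # SIMON's non-linear part: AND of the word rotated by 1 and by 8.
    return rotl(x, 1) & rotl(x, 8)

# Assumed rotation offsets for the four instances (not given on the page).
OFFSETS = (1, 8, 2, 5)

def nand(a, b):
    return ~(a & b) & MASK

def cascaded_nand(x):
    # Assumed two-level wiring: NAND of two first-level NANDs.
    a, b, c, d = (rotl(x, r) for r in OFFSETS)
    return nand(nand(a, b), nand(c, d))

def diff_distribution(f, alpha):
    """Count each output difference f(x) ^ f(x ^ alpha) over all 2^N inputs."""
    return Counter(f(x) ^ f(x ^ alpha) for x in range(1 << N))

def bit_flip_count(dist, bit):
    """Number of inputs whose output difference has the given bit set."""
    return sum(n for beta, n in dist.items() if (beta >> bit) & 1)

if __name__ == "__main__":
    for name, f in (("AND", simon_and), ("cascaded NAND", cascaded_nand)):
        dist = diff_distribution(f, alpha=1)
        print(f"{name}: {len(dist)} output differences for input difference 0x0001")
        for beta, n in dist.most_common(4):
            print(f"  {beta:#06x}  probability {n / (1 << N)}")
```

For the one-bit input difference, the AND yields four equally likely output differences, while under the assumed wiring output bit 1 of the cascaded NAND flips for 3/8 of the inputs instead of 1/2.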

If you are interested in this topic, please send an email to Joan Daemen via joan@cs.ru.nl.