Until now, real-world encryption algorithms have had only empirical security: they were built from an intricate substitution-permutation network and believed secure until someone published an attack on them. In parallel, research produced several general attack strategies, namely Biham and Shamir's "differential cryptanalysis" and Matsui's "linear cryptanalysis" (both are particular cases of the more general "iterated attacks of order 2"), which gave a better understanding of how to construct security arguments.
The computer science laboratory of the Ecole Normale Supérieure, associated with the Centre National pour la Recherche Scientifique (CNRS), has recently developed a technique for building new encryption algorithms with provable security against all iterated attacks of a fixed order (e.g. of order 2). Several properties of this technique, known as decorrelation, have been presented at international research conferences. Decorrelation has also been used to propose a candidate for the "Advanced Encryption Standard" process of the US Department of Commerce.
This candidate can encrypt any digital information with a key of length up to 256 bits. It has been implemented on various computer platforms, with the following benchmarks.
microprocessor | cycles per bit | clock frequency | bits per second
AXP(TM)        | 4.36           | 600 MHz         | 137.6 Mbps
Pentium(TM)    | 5.89           | 200 MHz         |  34.0 Mbps
SPARC(TM)      | 6.27           | 170 MHz         |  27.1 Mbps
Provable security is an important added value for cryptographic algorithms and is currently a hot topic at international conferences. The decorrelation technique is part of this research programme.
Date: August 12, 1998.