On Optimality of Regular SAFER+ and Modified SAFER+ Diffusion


  • Knarik M. Kyuregyan Institute for Informatics and Automation Problems of NAS RA


Diffusion, Shuffle, Byte Permutation, Differential cryptanalysis


In this paper it is shown that the regular block cipher SAFER+ and modified SAFER+ provide an optimal diffusion in the sense that ciphers are resistant against differential cryptanalysis attack after minimum possible number of rounds. Moreover, there are 967 680 byte permutations that provide equivalent security.


E. Biham and A. Shamir, “Differential cryptanalysis of DES-like cryptosystem”, Advances in Cryptology-CRYPTO’90, Lecture Notes in Computer Science, Heidelberg and New York, Springer, no. 537, pp. 212-241, 1990.

J. L. Massey, G. Khachatrian and M Kyuregian, “Nomination of SAFER+ as candidate algorithm for the advanced encryption standard”, (AES). NIST AES Proposal, 1998.

K. Kyuregyan, “Some Modifications of SAFER+”, In Reports of NAS RA, vol. 115, no 1, pp. 33--39, Yerevan, Armenia, 2015.

J. L. Massey, “SAFER K-64: One year later”, Fast Software Encryption II , Lecture Notes in Computer Science, New York, Springer, no. 1008, pp. 212-241, 1995.

J. L. Massey, “On the optimum of SAFER+ diffusion”, The second AES candidate conference, March 22-23, Rome, Italy, 1999.




How to Cite

Kyuregyan, K. M. . (2021). On Optimality of Regular SAFER+ and Modified SAFER+ Diffusion. Mathematical Problems of Computer Science, 44, 109–115. Retrieved from http://mpcs.sci.am/index.php/mpcs/article/view/190