The wide trail strategy is a design method created by Joan Daemen and Vincent Rijmen for the block ciphers SHARK and Square, which they later used (with great success) in the design of Rijndael (aka AES). The name comes from the probability 'trails' used in differential and linear cryptanalysis; the wider they are, the harder they are to exploit.

Without going too much into the motivations, the wide trail strategy says that a block cipher needs:

  • Nonlinear substitution: That is, a good S-box.
  • Linear transformations: These provide good diffusion, and help the S-box provide non-linearity.
  • Key addition: This is usually done with XOR.

It also says that these are the only things a cipher needs. In particular, in the wide trail strategy, you can examine each of these components on its own, and then combine them together without worrying about how they will interact.

The hardest part of the design is usually the linear transformations, since they are the most involved. Typically one uses an MDS (maximum distance separable) code, but other methods are also possible. The wide trail design strategy does not help much in designing the key schedule, though that is an important part of any cipher; the existing attacks against AES all rely on weaknesses in the key schedule design, which is much more ad hoc than the cipher itself.
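To make the MDS requirement concrete, the following added example (not part of the original write-up) checks whether a linear layer is MDS by testing that every square submatrix is nonsingular over GF(2^8), which for an n×n matrix is equivalent to a branch number of n+1. It uses the AES MixColumns matrix from FIPS-197; the comparison matrix `WEAK_MIX` and all function names are constructed for this illustration.

```python
from itertools import combinations

# AES MixColumns matrix (FIPS-197), entries are elements of GF(2^8).
AES_MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
# Constructed comparison matrix: invertible, but its zero entries break the MDS property.
WEAK_MIX = [[0, 1, 1, 1], [1, 0, 1, 1], [1, 1, 0, 1], [1, 1, 1, 0]]

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_det(m):
    """Determinant by cofactor expansion; in characteristic 2 all signs vanish."""
    if len(m) == 1:
        return m[0][0]
    d = 0
    for j, coeff in enumerate(m[0]):
        minor = [row[:j] + row[j + 1:] for row in m[1:]]
        d ^= gf_mul(coeff, gf_det(minor))
    return d

def is_mds(m):
    """True iff every k x k submatrix is nonsingular, i.e. branch number is n + 1."""
    n = len(m)
    for k in range(1, n + 1):
        for rows in combinations(range(n), k):
            for cols in combinations(range(n), k):
                if gf_det([[m[r][c] for c in cols] for r in rows]) == 0:
                    return False
    return True

def trail_weight(m, x):
    """Active bytes going in plus active bytes coming out of the linear layer."""
    y = [0] * len(m)
    for i, row in enumerate(m):
        for coeff, xi in zip(row, x):
            y[i] ^= gf_mul(coeff, xi)
    return sum(v != 0 for v in x) + sum(v != 0 for v in y)

if __name__ == "__main__":
    for name, m in (("AES_MIX", AES_MIX), ("WEAK_MIX", WEAK_MIX)):
        print(name, "MDS:", is_mds(m), "weight for one active byte:",
              trail_weight(m, [1, 0, 0, 0]))
```

The weight reported for a single active input byte is the number of S-boxes a two-round trail through that column must activate: the MDS matrix forces five, while the constructed matrix allows a trail with only four.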

Primarily useful for designing provably secure block ciphers, the strategy can also be used in other ways. For example, Vincent Rijmen and Paulo S. L. M. Barreto designed a block cipher called W using the wide trail strategy, and then used it to build a hash function called Whirlpool. Similarly, one could design a strong (but slow) stream cipher by using a wide trail block cipher in OFB or CTR mode.
