International Association
for Cryptologic Research

In this short note we report on invariant subspaces in Simpira in the case of four registers. In particular, we show that the whole input space (respectively output space) can be partitioned into invariant cosets of dimension $56$ over $\F_{2^8}^{64}$. These invariant subspaces are found by exploiting the \emph{non-invariant} subspace properties of AES together with the particular choice of Feistel configuration. Though we give the invariant subspaces for $b=4$ in this paper, we remark that there are invariant subspaces in several of the Simpira instances; these can be determined with only minor adjustments to the analysis in this paper.