Zero Correlation Linear Cryptanalysis on LEA Family Ciphers

—In recent two years, zero correlation linear cryptanalysis has shown its great potential in cryptanalysis and it has proven to be effective against massive ciphers. LEA is a block cipher proposed by Deukjo Hong, who is the designer of an ISO standard block cipher HIGHT. This paper evaluates the security level on LEA family ciphers against zero correlation linear cryptanalysis. Firstly, we identify some 9-round zero correlation linear hulls for LEA. Accordingly, we propose a distinguishing attack on all variants of 9-round LEA family ciphers. Then we propose the first zero correlation linear cryptanalysis on 13-round LEA-192 and 14-round LEA-256. For 13-round LEA-192, we propose a key recovery attack with time complexity of 131.30 2 13-round LEA encryptions, data complexity of 128 2 plaintext-ciphertext pairs and memory complexity of 60.58 2 bytes. For 14-round LEA-256, we propose a key recovery attack with time complexity of 250.19 2 14-round LEA encryptions, data complexity of 128 2 plaintext-ciphertext pairs and memory complexity of 142.35 2 bytes. As far as we know, these are the best results on LEA using zero correlation linear cryptanalysis so far.