Non-Linear Approximations in Linear Cryptanalysis
نویسندگان
چکیده
By considering the role of non-linear approximations in linear cryptanalysis we obtain a generalization of Matsui’s linear cryptanalytic techniques. This approach allows the cryptanalyst greater flexibility in mounting a linear cryptanalytic attack and we demonstrate the effectiveness of our non-linear techniques with some simple attacks on LOKI91. These attacks potentially allow for the recovery of seven additional bits of key information with less than 1/4 of the plaintext that is required using current linear cryptanalytic methods.
منابع مشابه
New Automatic Search Tool for Impossible Differentials and Zero-Correlation Linear Approximations
Impossible differential cryptanalysis and zero-correlation linear cryptanalysis are two of the most useful cryptanalysis methods in the field of symmetric ciphers. Until now, there are several automatic search tools for impossible differentials such as U-method and UID-method, which are all independent of the non-linear S-boxes. Since the differential and linear properties can also contribute t...
متن کاملNon-linear Cryptanalysis Revisited: Heuristic Search for Approximations to S-Boxes
Non-linear cryptanalysis is a natural extension to Matsui’s linear cryptanalitic techniques in which linear approximations are replaced by nonlinear expressions. Non-linear approximations often exhibit greater absolute biases than linear ones, so it would appear that more powerful attacks may be mounted. However, their use presents two main drawbacks. The first is that in the general case no jo...
متن کاملLinear hulls with correlation zero and linear cryptanalysis of block ciphers
Linear cryptanalysis, along with differential cryptanalysis, is an important tool to evaluate the security of block ciphers. This work introduces a novel extension of linear cryptanalysis: zero-correlation linear cryptanalysis, a technique applicable to many block cipher constructions. It is based on linear approximations with a correlation value of exactly zero. For a permutation on n bits, an...
متن کاملNew Results in the Linear Cryptanalysis of DES
Two open problems on using Matsui’s Algorithm 2 with multiple linear approximations posed earlier by Biryukov, De Cannière and M. Quisquater at Crypto’04 are solved in the present paper. That improves the linear cryptanalysis of 16-round DES reported by Matsui at Crypto’94. keywords: linear cryptanalysis, multiple linear approximations, success probability, MRHS linear equations, gluing algorithm.
متن کاملZero-Correlation Linear Cryptanalysis of Block Ciphers
Linear cryptanalysis, along with differential cryptanalysis, is an important tool to evaluate the security of block ciphers. This work introduces a novel extension of linear cryptanalysis – zero-correlation linear cryptanalysis – a technique applicable to many block cipher constructions. It is based on linear approximations with a correlation value of exactly zero. For a permutation on n bits, ...
متن کامل