Chapter 1 - Linear cryptanalysis
نویسندگان
چکیده
Linear cryptanalysis was first introduced by Mitsuru Matsui in [12]. The cryptanalyst attempts to find a linear equation x1 ⊕ . . . ⊕ xi = y1 ⊕ . . . ⊕ yj in the input and output bits of some part of the cipher which holds true with probability sufficiently different to 0.5. “Sufficiently different” means that for a known-plaintext attack on a feasible number of known plaintexts, when the correct key (or part of it) is tried on all of these known plaintexts, the number of plaintexts for which the equation holds will deviate significantly from one half of the total. Such an equation is known as a “linear approximation”.
منابع مشابه
Algorithms for Solving Linear and Polynomial Systems of Equations over Finite Fields with Applications to Cryptanalysis
Title of dissertation: ALGORITHMS FOR SOLVING LINEAR AND POLYNOMIAL SYSTEMS OF EQUATIONS OVER FINITE FIELDS WITH APPLICATIONS TO CRYPTANALYSIS Gregory Bard Doctor of Philosophy, 2007 Dissertation directed by: Professor Lawrence C. Washington Department of Mathematics This dissertation contains algorithms for solving linear and polynomial systems of equations over GF(2). The objective is to prov...
متن کاملChapter 5: Propagation and Correlation
In this chapter we treat difference propagation and input-output correlation in Boolean mappings and iterated Boolean transformations. Difference propagation is specifically exploited in differential cryptanalysis (DC), invented by Eli Biham and Adi Shamir [BiSh91]. Input-output correlation is exploited in linear cryptanalysis (LC), invented by Mitsuru Matsui [Ma93]. Both DC and LC were success...
متن کاملExtension of Cube Attack with Probabilistic Equations and its Application on Cryptanalysis of KATAN Cipher
Cube Attack is a successful case of Algebraic Attack. Cube Attack consists of two phases, linear equation extraction and solving the extracted equation system. Due to the high complexity of equation extraction phase in finding linear equations, we can extract nonlinear ones that could be approximated to linear equations with high probability. The probabilistic equations could be considered as l...
متن کاملChapter 5 - integral cryptanalysis
The history of integral cryptanalysis is a little complicated, and the most important papers to study regarding it are not in fact the ones in which it was first defined. We give a brief recap here: In 1997, Daemen, Knudsen, and Rijmen published a paper [3] describing a new cipher. This cipher, SQUARE, was a forerunner of Rijndael [10], the eventual AES, and was designed using the same wide tra...
متن کاملResistance of Balanced s-Boxes to Linear and Differential Cryptanalysis
In this letter, we study the marginal density of the XOR distribution table, and the linear approximation table entries of regular substitution boxes (s-boxes). Based on this, we show that the fraction of good s-boxes (with regard to immunity against linear and differential cryptanalysis) increases dramatically with the number of input variables. Introduction Differential cryptanalysis [1], and...
متن کامل