Extended Linear Cryptanalysis and Extended Piling-up Lemma
Authors
Abstract
In this paper, we extend the idea of piling-up lemma and linear cryptanalysis applied to symmetric-key block ciphers. We also examine this new method of Extended Linear Cryptanalysis on two-round Rijndael, which is designed to be immune to linear cryptanalysis attack. Even though our results do not show much surprise on two-round Rijndael, the effects on other block ciphers remain open questions.
Similar resources
How Biased Are Linear Biases
In this paper we revisit Matsui's linear cryptanalysis. The linear attack on the full round DES was the first attack that has been verified experimentally. Matsui extended one-round linear approximations to a linear mask of plaintext-ciphertext pairs by means of his piling-up lemma. The assumption of the lemma, the independence of the random variables in the round approximations, is hopefu...
Walsh-Hadamard Transform and Cryptographic Applications in Bias Computing
Walsh-Hadamard transform is used in a wide variety of scientific and engineering applications, including bent functions and cryptanalytic optimization techniques in cryptography. In linear cryptanalysis, it is a key question to find a good linear approximation, which holds with probability (1 + d)/2 and the bias d is large in absolute value. Lu and Desmedt (2011) take a step toward answering th...
How Far Can We Go Beyond Linear Cryptanalysis?
Several generalizations of linear cryptanalysis have been proposed in the past, as well as very similar attacks from a statistical point of view. In this paper, we define a rigorous general statistical framework which allows us to interpret most of these attacks in a simple and unified way. Then, we explicitly construct optimal distinguishers, we evaluate their performance, and we prove that a bloc...
Security Against Generalized Linear Cryptanalysis and Partitioning Cryptanalysis
In this work we give some bounds which can be used to determine if a block cipher is secure against generalized linear cryptanalysis and partitioning cryptanalysis. For this purpose, we give a new definition of imbalance which has some nice properties, and we show that an equivalent of Matsui's piling-up lemma holds for this definition. The bounds are illustrated with examples. We prove that it s...
A Generalization of Linear Cryptanalysis and the Applicability of Matsui's Piling-Up Lemma
Matsui's linear cryptanalysis for iterated block ciphers is generalized by replacing his linear expressions with I/O sums. For a single round, an I/O sum is the XOR of a balanced binary-valued function of the round input and a balanced binary-valued function of the round output. The basic attack is described and conditions for it to be successful are given. A procedure for finding effective I/O su...