Linear Cryptanalysis Using Low-bias Linear Approximations

Authors

  • Tomer Ashur
  • Daniël Bodden
  • Orr Dunkelman
Abstract

This paper deals with linear approximations having absolute bias smaller than $2^{-n/2}$ which were previously believed to be unusable for a linear attack. We show how a series of observations which are individually not statistically significant can be used to create a χ distinguisher. This is different from previous works which combined a series of significant observations to reduce the data complexity of a linear attack. We test the distinguisher on a real-world cipher and show that it can be used to improve previous results.

Similar resources

Improved Linear Trails for the Block Cipher Simon

Simon is a family of block ciphers designed by the NSA and published in 2013. Due to their simple structure and the fact that the specification lacked security design rationale, the ciphers have been the subject of much cryptanalytic work, especially using differential and linear cryptanalysis. We improve previously published linear trail bias estimations by presenting a novel method to calcula...

How Biased Are Linear Biases

In this paper we re-visit Matsui’s linear cryptanalysis. The linear attack on the full round DES was the first attack that has been verified experimentally. Matsui extended one-round linear approximations to a linear mask of plaintext-ciphertext pairs by means of his piling-up lemma. The assumption of the lemma, the independence of the random variables in the round approximations, is hopefu...

Generalised S-Box Nonlinearity NES/DOC/UIB/WP5/020/A Matthew

In this paper the (effective) bias of certain generalised linear approximations to the S-box are considered. Whereas, in the literature, the cryptanalyst typically restricts this search to linear approximations over Z2, we here consider linear approximations over Z4 and, more generally still, consider approximations which are linear in the sense that they can be completely factorised into the t...

New Results in the Linear Cryptanalysis of DES

Two open problems on using Matsui’s Algorithm 2 with multiple linear approximations posed earlier by Biryukov, De Cannière and M. Quisquater at Crypto’04 are solved in the present paper. That improves the linear cryptanalysis of 16-round DES reported by Matsui at Crypto’94. keywords: linear cryptanalysis, multiple linear approximations, success probability, MRHS linear equations, gluing algorithm.

Zero Correlation Linear Cryptanalysis with Reduced Data Complexity

Zero correlation linear cryptanalysis is a novel key recovery technique for block ciphers proposed in [5]. It is based on linear approximations with probability of exactly 1/2 (which corresponds to the zero correlation). Some block ciphers turn out to have multiple linear approximations with correlation zero for each key over a considerable number of rounds. Zero correlation linear cryptanalysi...

Journal title:
  • IACR Cryptology ePrint Archive

Volume 2017

Publication date 2017