On quadratic approximations in block ciphers
Problems of Information Transmission
A Differential-Linear Attack on 12-Round Serpent
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
A New Technique for Multidimensional Linear Cryptanalysis with Applications on Reduced Round Serpent
Information Security and Cryptology --- ICISC 2008
CT-RSA '09 Proceedings of The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
On Linear Cryptanalysis with Many Linear Approximations
Cryptography and Coding '09 Proceedings of the 12th IMA International Conference on Cryptography and Coding
On unbiased linear approximations
ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Differential-multiple linear cryptanalysis
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Differential attack on five rounds of the SC2000 block cipher
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Accurate estimates of the data complexity and success probability for various cryptanalyses
Designs, Codes and Cryptography
Security of the SMS4 block cipher against differential cryptanalysis
Journal of Computer Science and Technology - Special issue on natural language processing
Multiple differential cryptanalysis: theory and practice
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Algebraic techniques in differential cryptanalysis revisited
ACISP'11 Proceedings of the 16th Australasian conference on Information security and privacy
Linear cryptanalysis of ARIA block cipher
ICICS'11 Proceedings of the 13th international conference on Information and communications security
Linear cryptanalysis of reduced-round PRESENT
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Dependent linear approximations: the algorithm of Biryukov and others revisited
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Linear fault analysis of block ciphers
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Zero correlation linear cryptanalysis with reduced data complexity
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
A model for structure attacks, with applications to PRESENT and Serpent
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
A methodology for differential-linear cryptanalysis and its applications
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Multiple differential cryptanalysis using LLR and χ²
SCN'12 Proceedings of the 8th international conference on Security and Cryptography for Networks
Journal of Computational and Applied Mathematics
Differential attack on nine rounds of the SEED block cipher
Information Processing Letters
Despite their widespread usage in block cipher security, linear and differential cryptanalysis still lack a robust treatment of their success probability, and the success chances of these attacks have commonly been estimated in a rather ad hoc fashion. In this paper, we present an analytical calculation of the success probability of linear and differential cryptanalytic attacks. The results apply to an extended sense of the term “success” where the correct key is found not necessarily as the highest-ranking candidate but within a set of high-ranking candidates. Experimental results show that the analysis provides accurate results in most cases, especially in linear cryptanalysis. In cases where the results are less accurate, as in certain cases of differential cryptanalysis, the results are useful to provide approximate estimates of the success probability and the necessary plaintext requirement. The analysis also reveals that the attacked key length in differential cryptanalysis is one of the factors that affect the success probability directly besides the signal-to-noise ratio and the available plaintext amount.