Linear Distinguishing Attack on Shannon

Authors:
Risto M. Hakala;Kaisa Nyberg
Affiliations:
Helsinki University of Technology, Finland;Helsinki University of Technology, Finland and Nokia Research Center, Finland
Venue:
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Year:
2008

Citing 4
Cited 1

Linear cryptanalysis method for DES cipher

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Linear Cryptanalysis Using Multiple Approximations

CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Fast computation of large distributions and its cryptographic applications

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Attack the dragon

INDOCRYPT'05 Proceedings of the 6th international conference on Cryptology in India

Bias analysis of a certain problem with applications to E0 and Shannon cipher

ICISC'10 Proceedings of the 13th international conference on Information security and cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present a linear distinguishing attack on the stream cipher Shannon. Our distinguisher can distinguish the output keystream of Shannon from 2107keystream words while using an array of 232counters. The distinguisher makes use of a multidimensional linear transformation instead of a one-dimensional transformation, which is traditionally used in linear distinguishing attacks. This gives a clear improvement to the keystream requirement: we need approximately 25times less keystream than when a one-dimensional transform is used.