DES has no per round linear factors
Proceedings of CRYPTO 84 on Advances in cryptology
Cryptanalysis of DES with a reduced number of rounds
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
How to Improve the Nonlinearity of Bijective S-Boxes
ACISP '98 Proceedings of the Third Australasian Conference on Information Security and Privacy
Two-Stage Optimisation in the Design of Boolean Functions
ACISP '00 Proceedings of the 5th Australasian Conference on Information Security and Privacy
The First Experimental Cryptanalysis of the Data Encryption Standard
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Linear Cryptanalysis Using Multiple Approximations
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Improving Resistance to Differential Cryptanalysis and the Redesign of LOKI
ASIACRYPT '91 Proceedings of the International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
Non-linear approximations in linear cryptanalysis
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
A generalization of linear cryptanalysis and the applicability of Matsui's piling-up lemma
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
On quadratic approximations in block ciphers
Problems of Information Transmission
The placement-configuration problem for intrusion detection nodes in wireless sensor networks
Computers and Electrical Engineering
Trustworthy placements: Improving quality and resilience in collaborative attack detection
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
Non-linear cryptanalysis is a natural extension to Matsui's linear cryptanalitic techniques in which linear approximations are replaced by non-linear expressions. Non-linear approximations often exhibit greater absolute biases than linear ones, so it would appear that more powerful attacks may be mounted. However, their use presents two main drawbacks. The first is that in the general case no joint approximation can be done for more than one round of a block cipher. Despite this limitation, Knudsen and Robshaw showed that they can be still very useful, for they allow the cryptanalist greater flexibility in mounting a classic linear cryptanalysis. The second problem concerning non-linear functions is how to identify them efficiently, given that the search space is superexponential in the number of variables. As the size of S-boxes (the elements usually approximated) increases, the computational resources available to the cryptanalyst for the search become rapidly insufficient. In this work, we tackle this last problem by using heuristic search techniques -particularly Simulated Annealing- along with a specific representation strategy that greatly facilitates the identification.We illustrate our approach with the 9×32 S-box of the MARS block cipher. For it, we have found multiple approximations with biases considerably larger (e.g. 151/512) than the best known linear mask (84/512) in reasonable time. Finally, an analysis concerning the search dynamics and its effectiveness is also provided.