Generalization of Matsui's Algorithm 1 to linear hull for key-alternating block ciphers

Authors:
Andrea Röck;Kaisa Nyberg
Affiliations:
Department of Information and Computer Science, Aalto University School of Science, Aalto, Finland 00076;Department of Information and Computer Science, Aalto University School of Science, Aalto, Finland 00076 and Nokia Research Center, Nokia Group, Finland 00045
Venue:
Designs, Codes and Cryptography
Year:
2013

Citing 11
Cited 0

Elements of information theory

Elements of information theory
Linear cryptanalysis method for DES cipher

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
The Design of Rijndael

The Design of Rijndael
Serpent: A New Block Cipher Proposal

FSE '98 Proceedings of the 5th International Workshop on Fast Software Encryption
The Wide Trail Design Strategy

Proceedings of the 8th IMA International Conference on Cryptography and Coding
PRESENT: An Ultra-Lightweight Block Cipher

CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
The Complexity of Distinguishing Distributions (Invited Talk)

ICITS '08 Proceedings of the 3rd international conference on Information Theoretic Security
Principles of Signal Detection and Parameter Estimation

Principles of Signal Detection and Parameter Estimation
On linear hulls, statistical saturation attacks, PRESENT and a cryptanalysis of PUFFIN

EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Dependent linear approximations: the algorithm of biryukov and others revisited

CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Zero correlation linear cryptanalysis with reduced data complexity

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption

Quantified Score

Hi-index	0.00

Visualization

Abstract

We consider linear approximations of an iterated block cipher in the presence of several strong linear approximation trails. While the effect of such trails in Matsui's Algorithm 2, also called the linear hull effect, has been previously studied by a number of authors, their effect on Matsui's Algorithm 1 has not been investigated until now. The goal of this paper is to fill this gap and examine how to generalize Matsui's Algorithm 1 to work also on linear hulls. We restrict to key-alternating ciphers and develop a mathematical framework for this kind of attacks. The complexity of the attack increases with the number of linear trails that have significant contribution to the correlation. We show how to reduce the number of trails and thus the complexity using related keys. Further, we illustrate our theory by experimental results on a reduced round version of the block cipher PRESENT.