Elements of information theory
Elements of information theory
Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
The Design of Rijndael
Serpent: A New Block Cipher Proposal
FSE '98 Proceedings of the 5th International Workshop on Fast Software Encryption
The Wide Trail Design Strategy
Proceedings of the 8th IMA International Conference on Cryptography and Coding
PRESENT: An Ultra-Lightweight Block Cipher
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
The Complexity of Distinguishing Distributions (Invited Talk)
ICITS '08 Proceedings of the 3rd international conference on Information Theoretic Security
Principles of Signal Detection and Parameter Estimation
Principles of Signal Detection and Parameter Estimation
On linear hulls, statistical saturation attacks, PRESENT and a cryptanalysis of PUFFIN
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Dependent linear approximations: the algorithm of biryukov and others revisited
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Zero correlation linear cryptanalysis with reduced data complexity
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Hi-index | 0.00 |
We consider linear approximations of an iterated block cipher in the presence of several strong linear approximation trails. While the effect of such trails in Matsui's Algorithm 2, also called the linear hull effect, has been previously studied by a number of authors, their effect on Matsui's Algorithm 1 has not been investigated until now. The goal of this paper is to fill this gap and examine how to generalize Matsui's Algorithm 1 to work also on linear hulls. We restrict to key-alternating ciphers and develop a mathematical framework for this kind of attacks. The complexity of the attack increases with the number of linear trails that have significant contribution to the correlation. We show how to reduce the number of trails and thus the complexity using related keys. Further, we illustrate our theory by experimental results on a reduced round version of the block cipher PRESENT.