Linear hulls with correlation zero and linear cryptanalysis of block ciphers

Authors:
Andrey Bogdanov;Vincent Rijmen
Affiliations:
Department of ESAT and IBBT Security Department, KU Leuven, Heverlee, Belgium 3001;Department of ESAT and IBBT Security Department, KU Leuven, Heverlee, Belgium 3001
Venue:
Designs, Codes and Cryptography
Year:
2014

Citing 12
Cited 1

Linear cryptanalysis method for DES cipher

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
The Design of Rijndael

The Design of Rijndael
Differential Cryptanalysis of DES-like Cryptosystems

CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Provable Security for the Skipjack-like Structure against Differential Cryptanalysis and Linear Cryptanalysis

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Impossible Differential Cryptanalysis of CLEFIA

Fast Software Encryption
New Impossible Differential Attacks on AES

INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Impossible Boomerang Attack for Block Cipher Structures

IWSEC '09 Proceedings of the 4th International Workshop on Security: Advances in Information and Computer Security
Two attacks on reduced IDEA

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials

EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
On unbiased linear approximations

ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
The 128-bit blockcipher CLEFIA

FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
Zero correlation linear cryptanalysis with reduced data complexity

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption

Multidimensional zero-correlation attacks on lightweight block cipher HIGHT: Improved cryptanalysis of an ISO standard

Information Processing Letters

Quantified Score

Hi-index	0.00

Visualization

Abstract

Linear cryptanalysis, along with differential cryptanalysis, is an important tool to evaluate the security of block ciphers. This work introduces a novel extension of linear cryptanalysis: zero-correlation linear cryptanalysis, a technique applicable to many block cipher constructions. It is based on linear approximations with a correlation value of exactly zero. For a permutation on n bits, an algorithm of complexity 2n-1 is proposed for the exact evaluation of correlation. Non-trivial zero-correlation linear approximations are demonstrated for various block cipher structures including AES, balanced Feistel networks, Skipjack, CLEFIA, and CAST256. As an example, using the zero-correlation linear cryptanalysis, a key-recovery attack is shown on 6 rounds of AES-192 and AES-256 as well as 13 rounds of CLEFIA-256.