On Bias Estimation in Linear Cryptanalysis

  • Authors: Ali Aydin Selçuk
  • Venue: INDOCRYPT '00 Proceedings of the First International Conference on Progress in Cryptology
  • Year: 2000

Abstract

Security analysis of block ciphers against linear cryptanalysis has virtually always been based on the bias estimates obtained by the Piling-Up Lemma (PUL) method. Despite its common use, and despite the fact that the independence assumption of the PUL is known not to hold in practice, accuracy of the PUL method has not been analyzed to date. In this study, we start with an experimental analysis of the PUL method. The results on RC5 show that the estimates by the PUL method can be quite inaccurate for some non-Feistel ciphers. On the other hand, the tests with SP-structured Feistel ciphers consistently show a much higher degree of accuracy. In the second part, we analyze several theories for an alternative method for bias estimation, including correlation matrices, linear hulls, and statistical sampling. We show a practical application of the theory of correlation matrices, where better estimates than the PUL method are obtained. We point out certain problems in some current applications of linear hulls. We show that the sample size required for a reliable statistical estimator is an impractically large amount for most practical cases.