Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
On Differential and Linear Crytoanalysis of the RC5 Encryption Algorithm
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Non-linear approximations in linear cryptanalysis
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Linear Cryptanalysis of RC5 and RC6
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Mod n Cryptanalysis, with Applications Against RC5P and M6
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Multiple Linear Cryptanalysis of a Reduced Round RC6
FSE '02 Revised Papers from the 9th International Workshop on Fast Software Encryption
Probing Attacks on Tamper-Resistant Devices
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
| Hi-index | 0.00 |
We show that the linear cryptanalytic attack on RC5 that was published by Kaliski and Yin at Crypto'95 does not work as expected due to the failure of some hidden assumptions involved. Then we present new linear attacks on RC5. Our attacks use the same linear approximation as the one used by Kaliski and Yin. Therefore, the plaintext requirement of our attack is around 4w2r-2 which is impractically high for reasonably high values of w and r. These new attacks has also significances beyond the linear cryptanalysis of RC5 to show how linear cryptanalysis can carry on when the approximation used has a non-zero bias for the wrong key values. We also discuss certain issues about linear cryptanalysis of RC5 that need to be resolved for a better linear attack.