Abstract
Let \(X_1, X_2, \ldots, X_k\) be independent \(n\)-bit random variables. If they have arbitrary distributions, we show how to compute distributions like \(\Pr\{X_1 \oplus X_2 \oplus \cdots \oplus X_k\}\) and \(\Pr\{X_1 \boxplus X_2 \boxplus \cdots \boxplus X_k\}\) in complexity \(O(kn2^n)\). Furthermore, if \(X_1, X_2, \ldots, X_k\) are uniformly distributed we demonstrate a large class of functions \(F(X_1, X_2, \ldots, X_k)\) for which we can compute their distributions efficiently.
These results have applications in linear cryptanalysis of stream ciphers as well as block ciphers. A typical example is the approximation obtained when additions modulo \(2^n\) are replaced by bitwise addition. The efficiency of such an approach is given by the bias of a distribution of the above kind. As an example, we give a new improved distinguishing attack on the stream cipher SNOW 2.0.
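As an added illustration (not the paper's own code), the following computes the distribution of \(X_1 \oplus \cdots \oplus X_k\) for arbitrarily distributed independent \(n\)-bit variables with \(k\) Walsh-Hadamard transforms, i.e. in \(O(kn2^n)\), and, for the "replace \(\boxplus\) by \(\oplus\)" approximation, the distribution and bias of the error term for uniform inputs. Function names and the squared-Euclidean-imbalance bias measure are this example's choices, not taken from the paper; the noise distribution is obtained by exhaustive enumeration and is therefore only meant for small \(n\).

```python
def walsh_hadamard(v):
    """Fast Walsh-Hadamard transform of a length-2^n list, O(n 2^n)."""
    a = list(v)
    h = 1
    while h < len(a):
        for i in range(0, len(a), 2 * h):
            for j in range(i, i + h):
                x, y = a[j], a[j + h]
                a[j], a[j + h] = x + y, x - y
        h *= 2
    return a


def xor_sum_distribution(dists):
    """Distribution of X_1 xor ... xor X_k for independent n-bit X_i given as
    probability lists of length 2^n. XOR-convolution is pointwise product in
    the Walsh domain, so the cost is k transforms, O(k n 2^n), instead of a
    direct 2^(2n) convolution per pair."""
    size = len(dists[0])
    prod = [1.0] * size
    for d in dists:
        assert len(d) == size, "all variables must be n-bit for the same n"
        prod = [p * q for p, q in zip(prod, walsh_hadamard(d))]
    # The WHT is its own inverse up to the factor 1/2^n.
    return [x / size for x in walsh_hadamard(prod)]


def add_vs_xor_noise(n):
    """Distribution of N = (X + Y mod 2^n) xor X xor Y for uniform n-bit X, Y,
    i.e. the error made when modular addition is approximated by XOR.
    Exhaustive O(2^(2n)) enumeration; for demonstration on small n only."""
    size = 1 << n
    mask = size - 1
    dist = [0.0] * size
    for x in range(size):
        for y in range(size):
            dist[((x + y) & mask) ^ x ^ y] += 1.0 / (size * size)
    return dist


def bias_sei(dist):
    """Squared Euclidean imbalance of a distribution from uniform: 0 when
    uniform, larger when the distribution is easier to distinguish."""
    m = len(dist)
    return m * sum((p - 1.0 / m) ** 2 for p in dist)


if __name__ == "__main__":
    noise = add_vs_xor_noise(4)          # constructed sample: n = 4
    print(noise, bias_sei(noise))
    print(xor_sum_distribution([noise, noise, noise]))  # three approximated additions
```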
The work described in this paper has been supported in part by Grant VR 621-2001-2149, and in part by the European Commission through the IST Program under Contract IST-2002-507932 ECRYPT. The information in this document reflects only the author’s views, is provided as is and no guarantee or warranty is given that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability.
© 2005 Springer-Verlag Berlin Heidelberg
Maximov, A., Johansson, T. (2005). Fast Computation of Large Distributions and Its Cryptographic Applications. In: Roy, B. (eds) Advances in Cryptology - ASIACRYPT 2005. ASIACRYPT 2005. Lecture Notes in Computer Science, vol 3788. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11593447_17
DOI: https://doi.org/10.1007/11593447_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30684-9
Online ISBN: 978-3-540-32267-2