Linear Approximations of Addition Modulo $2^n - 1$
Addition modulo $2^{31} - 1$ is a basic arithmetic operation in the stream cipher ZUC. For evaluating ZUC’s resistance against linear cryptanalysis, it is necessary to study properties of linear approximations of the addition modulo $2^{31} - 1$. In this paper we discuss linear approximations of the addition of k inputs modulo $2^n - 1$ for n ≥ 2. As a result, an explicit expression of the correlations of linear approximations of the addition modulo $2^n - 1$ is given when k = 2, and an iterative expression when k > 2. For a class of special linear approximations with all masks being equal to 1, we further discuss the limit of their correlations when n goes to infinity. It is shown that when k is even, the limit is equal to zero, and when k is odd, the limit is bounded by a constant depending on k.
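For small n, the correlations discussed above can be computed exactly by exhaustive enumeration, which gives a reference to check closed-form or iterative expressions against. The following is an added example, not code from the paper; the function names are hypothetical. It assumes that correlation means Pr[approximation holds] − Pr[it fails] over uniform inputs, and that residues are the n-bit integers 0 .. 2^n − 2, with an optional switch to the 1 .. 2^n − 1 encoding ZUC uses for its LFSR cells.

```python
from fractions import Fraction
from itertools import product


def parity(v: int) -> int:
    """Parity (XOR of all bits) of a non-negative integer."""
    return bin(v).count("1") & 1


def correlation(n, in_masks, out_mask, zero_as_ones=False):
    """Exact correlation of  w.y = u1.x1 ^ ... ^ uk.xk  where
    y = (x1 + ... + xk) mod (2^n - 1), by exhaustive enumeration.

    Assumption: residues are the n-bit integers 0 .. 2^n - 2. With
    zero_as_ones=True the residue 0 is written as 2^n - 1 instead
    (values 1 .. 2^n - 1), the encoding ZUC uses for its LFSR cells.
    """
    m = (1 << n) - 1
    encode = (lambda r: r or m) if zero_as_ones else (lambda r: r)
    signed = 0  # (#inputs where the relation holds) - (#where it fails)
    for xs in product(range(m), repeat=len(in_masks)):
        y = encode(sum(xs) % m)
        bit = parity(out_mask & y)
        for u, x in zip(in_masks, xs):
            bit ^= parity(u & encode(x))
        signed += -1 if bit else 1
    return Fraction(signed, m ** len(in_masks))


if __name__ == "__main__":
    # All masks equal to 1, the special class the abstract singles out.
    for k in (2, 3):
        for n in range(2, 6):
            c = correlation(n, [1] * k, 1)
            print(f"k={k} n={n} correlation={c} ({float(c):+.4f})")
```

The cost is (2^n − 1)^k evaluations, so this is only practical for small n and k. Comparing the two encodings shows that the choice of representation for the zero residue changes the correlation value.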