Synthetic Linear Analysis: Improved Attacks on CubeHash and Rabbit

  • Yi Lu
  • Serge Vaudenay
  • Willi Meier
  • Liping Ding
  • Jianchun Jiang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7259)


It has been considered most important and difficult to analyze the bias and find a large bias regarding the security of crypto-systems, since the invention of linear cryptanalysis. The demonstration of a large bias will usually imply that the target crypto-system is not strong. Regarding the bias analysis, researchers often focus on a theoretical solution for a specific problem. In this paper, we take a first step towards the synthetic approach on bias analysis. We successfully apply our synthetic analysis to improve the most recent linear attacks on CubeHash and Rabbit respectively. CubeHash was selected to the second round of SHA-3 competition. For CubeHash, the best linear attack on 11-round CubeHash with 2470 queries was proposed previously. We present an improved attack for 11-round CubeHash with complexity 2414.2. Based on our 11-round attack, we give a new linear attack for 12-round CubeHash with complexity 2513, which is sharply close to the security parameter 2512 of CubeHash. Rabbit is a stream cipher among the finalists of ECRYPT Stream Cipher Project (eSTREAM). For Rabbit, the best linear attack with complexity 2141 was recently presented. Our synthetic bias analysis yields the improved attack with complexity 2136. Moreover, it seems that our results might be further improved, according to our ongoing computations.


bias linear cryptanalysis synthetic analysis conditional dependence CubeHash Rabbit 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ashur, T., Dunkelman, O.: Linear Analysis of Reduced-Round CubeHash. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 462–478. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  2. 2.
    Bernstein, D.J.: CubeHash specification (2.B.1). Submission to NIST (2009)Google Scholar
  3. 3.
    Boesgaard, M., Vesterager, M., Christensen, T., Zenner, E.: The stream cipher Rabbit. In: The ECRYPT Stream Cipher Project,
  4. 4.
    Cho, J.Y., Pieprzyk, J.: Multiple Modular Additions and Crossword Puzzle Attack on NLSv2. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol. 4779, pp. 230–248. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  5. 5.
    Lu, Y., Desmedt, Y.: Improved Distinguishing Attack on Rabbit. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 17–23. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  6. 6.
    Matsui, M.: Linear Cryptanalysis Method for DES Cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)Google Scholar
  7. 7.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC (1996)Google Scholar
  8. 8.
    N.I.S.T., Cryptographic hash algorithm competition,
  9. 9.
    Sepehrdad, P., Vaudenay, S., Vuagnoux, M.: Discovery and Exploitation of New Biases in RC4. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 74–91. Springer, Heidelberg (2011)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Yi Lu
    • 1
  • Serge Vaudenay
    • 2
  • Willi Meier
    • 3
  • Liping Ding
    • 1
  • Jianchun Jiang
    • 1
  1. 1.National Engineering Research Center of Fundamental Software, Institute of SoftwareChinese Academy of SciencesBeijingChina
  2. 2.EPFLLausanneSwitzerland
  3. 3.FHNWWindischSwitzerland

Personalised recommendations