On the Distribution of Linear Biases: Three Instructive Examples

  • Mohamed Ahmed Abdelraheem
  • Martin Ågren
  • Peter Beelen
  • Gregor Leander
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7417)

Abstract

Despite the fact that we evidently have very good block ciphers at hand today, some fundamental questions on their security are still unsolved. One such fundamental problem is to precisely assess the security of a given block cipher with respect to linear cryptanalysis. In by far most of the cases we have to make (clearly wrong) assumptions, e.g., assume independent round-keys. Besides being unsatisfactory from a scientific perspective, the lack of fundamental understanding might have an impact on the performance of the ciphers we use. As we do not understand the security sufficiently enough, we often tend to embed a security margin – from an efficiency perspective nothing else than wasted performance. The aim of this paper is to stimulate research on these foundations of block ciphers. We do this by presenting three examples of ciphers that behave differently to what is normally assumed. Thus, on the one hand these examples serve as counter examples to common beliefs and on the other hand serve as a guideline for future work.

References

  1. 1.
    Biryukov, A., Wagner, D.: Slide Attacks. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 245–259. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  2. 2.
    Bogdanov, A., Knežević, M., Leander, G., Toz, D., Varıcı, K., Verbauwhede, I.: spongent: A Lightweight Hash Function. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 312–325. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  3. 3.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  4. 4.
    Bogdanov, A., Wang, M.: Zero correlation linear cryptanalysis with reduced data complexity. In: FSE 2012 (to appear, 2012)Google Scholar
  5. 5.
    Buchanan, M.L., Parlett, B.N.: The uniform convergence of matrix powers. Numerische Mathematik 9(1), 51–54 (1966)MathSciNetCrossRefMATHGoogle Scholar
  6. 6.
    Cho, J.Y.: Linear Cryptanalysis of Reduced-Round PRESENT. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 302–317. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  7. 7.
    Daemen, J., Peeters, M., Assche, G.V., Rijmen, V.: Nessie proposal: NOEKEON (2000), http://gro.noekeon.org/Noekeon-spec.pdf
  8. 8.
    Daemen, J., Rijmen, V.: The design of Rijndael: AES - the Advanced Encryption Standard. Springer, Heidelberg (2002)CrossRefMATHGoogle Scholar
  9. 9.
    Daemen, J., Rijmen, V.: Probability distributions of correlation and differentials in block ciphers. IACR Cryptology ePrint Archive, 2005:212 (2005)Google Scholar
  10. 10.
    Hermelin, M., Cho, J.Y., Nyberg, K.: Multidimensional Extension of Matsui’s Algorithm 2. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 209–227. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  11. 11.
    Knudsen, L., Leander, G., Poschmann, A., Robshaw, M.J.B.: PRINTcipher: A Block Cipher for IC-Printing. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 16–32. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Knudsen, L.R., Robshaw, M.: The Block Cipher Companion. Information security and cryptography. Springer, Heidelberg (2011)CrossRefMATHGoogle Scholar
  13. 13.
    Leander, G.: On Linear Hulls, Statistical Saturation Attacks, PRESENT and a Cryptanalysis of PUFFIN. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 303–322. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  14. 14.
    Leander, G., Abdelraheem, M.A., AlKhzaimi, H., Zenner, E.: A Cryptanalysis of PRINTcipher: The Invariant Subspace Attack. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 206–221. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  15. 15.
    Matsui, M.: Linear Cryptanalysis Method for DES Cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  16. 16.
    Murphy, S.: The effectiveness of the linear hull effect. Technical report, RHUL-MA-2009-19 (2009)Google Scholar
  17. 17.
    Nyberg, K.: Linear Approximation of Block Ciphers. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 439–444. Springer, Heidelberg (1995)Google Scholar
  18. 18.
    Nyberg, K.: Comments on key-scheduling. Personal communication (2012)Google Scholar
  19. 19.
    Ohkuma, K.: Weak Keys of Reduced-Round PRESENT for Linear Cryptanalysis. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 249–265. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  20. 20.
    Park, S., Sung, S.H., Lee, S., Lim, J.: Improving the Upper Bound on the Maximum Differential and the Maximum Linear Hull Probability for SPN Structures and AES. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 247–260. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Selçuk, A.A.: On probability of success in linear and differential cryptanalysis. J. Cryptology 21(1), 131–147 (2008)MathSciNetCrossRefMATHGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2012 2012

Authors and Affiliations

  • Mohamed Ahmed Abdelraheem
    • 1
  • Martin Ågren
    • 2
  • Peter Beelen
    • 1
  • Gregor Leander
    • 1
  1. 1.Technical University of DenmarkKgs. LyngbyDenmark
  2. 2.Dept. of Electrical and Information TechnologyLund UniversityLundSweden

Personalised recommendations