Linear cryptanalysis of LOKI and s2DES

  • Toshio Tokita
  • Tohru Sorimachi
  • Mitsuru Matsui
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 917)

Abstract

This paper discusses linear cryptanalysis of LOKI89, LOKI91 and s2DES. Our computer program based on Matsui's search algorithm has completely determined their best linear approximate equations, which tell us applicability of linear cryptanalysis to each cryptosystem. As a result, LOKI89 and LOKI91 are resistant to linear cryptanalysis from the viewpoint of the best linear approximate probability, whereas s2DES is breakable by a known-plaintext attack faster than an exhaustive key search. Moreover, our search program, which is also applicable to differential cryptanalysis, has derived their best differential characteristics as well. These values give a complete proof that characteristics found by Knudsen are actually best.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Biham,E.,Shamir,A.: Differential Cryptanalysis of the Data Encryption Standard. Springer Verlag (1993)Google Scholar
  2. 2.
    Matsui,M.: Linear Cryptanalysis Method for DES cipher. Advances in Cryptology — Eurocrypt'93, Lecture Notes in Computer Science, Springer-Verlag 765 (1993) 386–397Google Scholar
  3. 3.
    Matsui,M.: On correlation between the order of S-boxes and the strength of DES. Pre-proceedings of Eurocrypt'94 (1994) 375–387Google Scholar
  4. 4.
    Matsui,M.: The First Experimental Cryptanalysis of the Data Encryption Standard. Advances in Cryptology — Crypto'94, Lecture Notes in Computer Science, Springer-Verlag 839 (1994) 1–11Google Scholar
  5. 5.
    Brown,L.,Pieprzyk,J.,Seberry,J.: LOKI-A Cryptographic Primitive for Authentication and Secrecy Applications. Advances in Cryptology — Auscrypt'90, Lecture Notes in Computer Science, Springer-Verlag 453 (1990) 229–236Google Scholar
  6. 6.
    Brown,L.,Kwan,M.,Pieprzyk,J.,Seberry,J.: Improving Resistance to Differential Cryptanalysis and the Redesign of LOKI. Advances in Cryptology — Asiacrypt'91, Lecture Notes in Computer Science, Springer-Verlag 739 (1993) 36–50Google Scholar
  7. 7.
    Kim,K.: Construction of DES-like S-boxes Based on Boolean Functions Satisfying the SAC. Advances in Cryptology — Asiacrypt'91, Lecture Notes in Computer Science, Springer-Verlag 739 (1993) 59–72Google Scholar
  8. 8.
    Biham,E.,Shamir,A.: Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer. Advances in Cryptology — Crypto'91, Lecture Notes in Computer Science, Springer-Verlag 576 (1992) 156–171Google Scholar
  9. 9.
    Knudsen,L.: Cryptanalysis of LOKI. Advances in Cryptology — Asiacrypt'91, Lecture Notes in Computer Science, Springer-Verlag 739 (1993) 22–35Google Scholar
  10. 10.
    Knudsen,L.: Cryptanalysis of LOKI91. Advances in Cryptology — Auscrypt'92, Lecture Notes in Computer Science, Springer-Verlag 718 (1993) 196–208Google Scholar
  11. 11.
    Knudsen,L.: Iterative Characteristics of DES and s2-DES. Advances in Cryptology — Crypto'92, Lecture Notes in Computer Science, Springer-Verlag 740 (1993) 497–511Google Scholar
  12. 12.
    Lai,X.,Massey,J.,Murphy,S.: Markov ciphers and differential cryptanalysis. Advances in Cryptology — Eurocrypt'91, Lecture Notes in Computer Science, Springer-Verlag 547 (1991) 17–38Google Scholar
  13. 13.
    Nyberg,K.: Linear Approximation of Block Ciphers. Presented at Rump Session in Eurocrypt'94Google Scholar

Copyright information

© Springer-Verlag 1995

Authors and Affiliations

  • Toshio Tokita
    • 1
  • Tohru Sorimachi
    • 1
  • Mitsuru Matsui
    • 1
  1. 1.Computer & Information Systems LaboratoryMitsubishi Electric CorporationKanagawaJapan

Personalised recommendations