On applying linear cryptanalysis to IDEA
Linear cryptanalysis is a well-known attack based on linear approximations, and is said to be feasible for an n-bit block cipher if the data complexity is at most 2^n. In this paper we consider IDEA with independent and uniformly distributed subkeys, referred to as IDEA with extended subkeys. We prove that any linear approximation of IDEA with extended subkeys, generalized to R rounds, requires at least R+[R/3] approximations to the multiply operation. We argue that the best approximations are based on approximating least significant bits in the round operations and show that the probability of selecting a key for which such a linear cryptanalysis is feasible on IDEA is approximately 2^-100.
Keywords: Linear Approximation, Linear Association, Round Function, Output Transformation, Linear Cryptanalysis
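To make the abstract's "least significant bit" approximations of the multiply operation concrete, the following added example (not code from the paper) exhaustively measures the bias of LSB(x) = LSB(x ⊙ k) for one IDEA multiplication in isolation and combines biases with the piling-up lemma. The function names and the sample subkey values 0, 1 and 2 are constructed for illustration.

```python
# Added example: exhaustive LSB linear approximation of one IDEA multiplication.
# Models a single multiply in isolation, not the full cipher or its key schedule.
MOD = 0x10001  # 2^16 + 1, the prime modulus of IDEA's multiply operation


def idea_mul(a: int, b: int) -> int:
    """IDEA multiplication on 16-bit words, where the word 0 stands for 2^16."""
    a = a or 0x10000
    b = b or 0x10000
    # The product is never 0 mod a prime; 2^16 maps back to the word 0.
    return (a * b % MOD) & 0xFFFF


def lsb_bias(k: int) -> float:
    """Bias p - 1/2 of LSB(x) == LSB(x (.) k), counted over all 2^16 inputs x."""
    agree = sum(1 for x in range(0x10000) if ((x ^ idea_mul(x, k)) & 1) == 0)
    return agree / 0x10000 - 0.5


def piling_up(biases) -> float:
    """Piling-up lemma: bias of the XOR of n independent approximations,
    2^(n-1) times the product of the individual biases."""
    eps = 0.5
    for b in biases:
        eps *= 2 * b
    return eps


if __name__ == "__main__":
    # Constructed sample subkeys: 1 is the identity, 0 encodes 2^16 = -1 mod 2^16+1.
    for k in (1, 0, 2):
        print(f"subkey {k:#06x}: LSB bias = {lsb_bias(k):+.4f}")
    # A chain containing one zero-bias multiplication has zero overall bias.
    print("chain (1, 0, 2):", piling_up([lsb_bias(k) for k in (1, 0, 2)]))
```

For subkeys 1 and 0 the LSB relation holds with probability 1 and 0 respectively (bias ±1/2), while for subkey 2 the bias is exactly 0, which is why a chained approximation is only useful for keys where every multiplication involved keeps a non-negligible bias.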