On applying linear cryptanalysis to IDEA

  • Philip Hawkes
  • Luke O'Connor
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1163)


Linear cryptanalysis is a well-known attack based on linear approximations, and is said to be feasible for an n-bit block cipher if the data complexity is at most 2n. In this paper we consider IDEA with independent and uniformly distributed subkeys, referred to as IDEA with extended subkeys. We prove that any linear approximation of IDEA with extended subkeys, generalized to R rounds, requires at least R+[R/3] approximations to the multiply operation. We argue that the best approximations are based on approximating least significant bits in the round operations and show that the probability of selecting a key for which such a linear cryptanalysis is feasible on IDEA is approximately 2−100.


Linear Approximation Linear Association Round Function Output Transformation Linear Cryptanalysis 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    J. Daemen, R. Govaerts, and J. Vandewalle. Weak keys for IDEA. Advances in Cryptology, CRYPT0'93, Lecture Notes in Computer Science, vol. 773, D. Stinson ed., Springer-Verlag, pages 224–231, 1994.Google Scholar
  2. 2.
    C. Harpes and J.L. Kramer, G. G.and Massey. Generalisation of linear cryptanalysis and the applicability of Matsui's piling-up lemma. Advances in Cryptology, EUROCRYPT'95, Lecture Notes in Computer Science, vol. 921, L. C. Guillou, J. Quiquater ed., Springer-Verlag, pages 24–38, 1995.Google Scholar
  3. 3.
    B. S. Kaliski Jr. and Y. L. Yin. On differential and linear cryptanalysis of the RC5 encryption algorithm. Advances in Cryptology, CRYPTO'95, Lecture Notes in Computer Science, vol. 963, D. Coppersmith ed., Springer-Verlag, pages 171–184, 1995.Google Scholar
  4. 4.
    X. Lai. On the design and security of block ciphers. ETH Series in Information Processing, editor J. Massey, Hartung-Gorre Verlag Konstanz, 1992.Google Scholar
  5. 5.
    X. Lai, J. Massey, and S. Murphy. Markov ciphers and differential cryptanalysis. In Advances in Cryptology, EUROCRYPT'91, Lecture Notes in Computer Science, vol. 547, D. W. Davies ed., Springer-Verlag, pages 17–38, 1991.Google Scholar
  6. 6.
    M. Matsui. Linear cryptanalysis method for DES cipher. Advances in Cryptology, EUROCRYPT'93, Lecture Notes in Computer Science, vol. 765, T. Helleseth ed., Springer-Verlag, pages 386–397, 1994.Google Scholar

Copyright information

© Springer-Verlag 1996

Authors and Affiliations

  • Philip Hawkes
    • 1
  • Luke O'Connor
    • 2
  1. 1.Department of MathematicsUniversity of QueenslandBrisbaneAustralia
  2. 2.Distributed Systems Technology Centre (DSTC)BrisbaneAustralia

Personalised recommendations