On Probability of Success in Linear and Differential Cryptanalysis
Despite their widespread usage in block cipher analysis, the success probability estimation of differential and linear cryptanalytic attacks has traditionally been carried out in a rather ad hoc fashion. In this paper, we present an analytical calculation of the success probability of these attacks. Besides providing a sound formulation of the success probabilities, the analysis reveals some previously unnoticed factors affecting the success of an attack, such as the attacked key length in differential cryptanalysis. The results apply to an extended sense of the term “success” where the correct key is found not necessarily as the highest-ranking candidate but within a set of highest-ranking candidates.
Unable to display preview. Download preview PDF.
- 1.E. Biham and A. Shamir. Differential Cryptanalysis of the Data Encryption Standard. Springer-Verlag, 1993.Google Scholar
- 2.Burgess Davis. Personal communication.Google Scholar
- 3.Pascal Junod. On the complexity of Matsui’s attack. In Selected Areas in Cryptography’ 01, pages 199–211. Springer-Verlag, 2001.Google Scholar
- 5.Mitsuru Matsui. Linear cryptanalysis method for DES cipher. In T. Helleseth, editor, Advances in Cryptology-Eurocrypt’93, pages 386–397. Springer-Verlag, 1993.Google Scholar
- 6.Mitsuru Matsui. The first experimental cryptanalysis of the Data Encryption Standard. InY. G. Desmedt, editor, Advances in Cryptology-Crypto’94, pages 1–11. Springer-Verlag, 1994.Google Scholar
- 7.A. Rényi. Probability Theory. American Elsevier Publishing Company, Inc., 1970.Google Scholar