Properties of linear approximation tables

  • Luke O'Connor
Session 2: Block Ciphers-Design
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1008)

Abstract

Linear cryptanalysis is an attack that derives a linear approximation between bits of the plaintext, ciphertext and key. This global approximation is constructed from the linear approximation tables of the nonlinear mappings used by the cipher, usually the S-boxes, as in the case of DES. In this paper we will describe the distribution of these tables for bijective mappings (permutations), concentrating on the expected value of the largest entry, and use our results to construct Feistel ciphers provably resistant to linear cryptanalysis.

Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • Luke O'Connor (1, 2)
  1. Distributed Systems Technology Centre (DSTC), Brisbane, Australia
  2. Information Security Research Centre, Queensland University of Technology, Brisbane, Australia
