On Multiple Linear Approximations

  • Alex Biryukov
  • Christophe De Cannière
  • Michaël Quisquater
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3152)

Abstract

In this paper we study the long standing problem of information extraction from multiple linear approximations. We develop a formal statistical framework for block cipher attacks based on this technique and derive explicit and compact gain formulas for generalized versions of Matsui’s Algorithm 1 and Algorithm 2. The theoretical framework allows both approaches to be treated in a unified way, and predicts significantly improved attack complexities compared to current linear attacks using a single approximation. In order to substantiate the theoretical claims, we benchmarked the attacks against reduced-round versions of DES and observed a clear reduction of the data and time complexities, in almost perfect correspondence with the predictions. The complexities are reduced by several orders of magnitude for Algorithm 1, and the significant improvement in the case of Algorithm 2 suggests that this approach may outperform the currently best attacks on the full DES algorithm.

Keywords

Linear cryptanalysis multiple linear approximations stochastic systems of linear equations maximum likelihood decoding key-ranking DES AES 

References

  1. 1.
    Biryukov, A., De Cannière, C., Quisquater, M.: On multiple linear approximations (extended version). Cryptology ePrint Archive: Report 2004/057, http://eprint.iacr.org/2004/057/
  2. 2.
    Daemen, J., Rijmen, V.: The Design of Rijndael: AES — The Advanced Encryption Standard. Springer, Heidelberg (2002)MATHGoogle Scholar
  3. 3.
    Junod, P.: On the optimality of linear, differential, and sequential distinguishers. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 17–32. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Junod, P., Vaudenay, S.: Optimal key ranking procedures in a statistical cryptanalysis. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 1–15. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Kaliski, B.S., Robshaw, M.J.: Linear cryptanalysis using multiple approximations. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 26–39. Springer, Heidelberg (1994)Google Scholar
  6. 6.
    Knudsen, L.R., Mathiassen, J.E.: A chosen-plaintext linear attack on DES. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 262–272. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Knudsen, L.R., Robshaw, M.J.B.: Non-linear approximations in linear cryptanalysis. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 224–236. Springer, Heidelberg (1996)Google Scholar
  8. 8.
    Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)Google Scholar
  9. 9.
    Matsui, M.: The first experimental cryptanalysis of the Data Encryption Standard. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 1–11. Springer, Heidelberg (1994)Google Scholar
  10. 10.
    Matsui, M.: Linear cryptanalysis method for DES cipher (I) (extended paper), unpublished (1994)Google Scholar
  11. 11.
    Murphy, S., Piper, F., Walker, M., Wild, P.: Likelihood estimation for block cipher keys. Technical report, Information Security Group, Royal Holloway, University of London (1995)Google Scholar
  12. 12.
    Selçuk, A.A.: On probability of success in linear and differential cryptanalysis. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 174–185. Springer, Heidelberg (2003), Also available at https://www.cerias.purdue.edu/papers/archive/2002-02.ps CrossRefGoogle Scholar
  13. 13.
    Shimoyama, T., Kaneko, T.: Quadratic relation of s-box and its application to the linear attack of full round des. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 200–211. Springer, Heidelberg (1998)Google Scholar
  14. 14.
    Vaudenay, S.: An experiment on DES statistical cryptanalysis. In: 3rd ACM Conference on Computer and Communications Security, CCS, pp. 139–147. ACM Press, New York (1996)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Alex Biryukov
    • 1
  • Christophe De Cannière
    • 1
  • Michaël Quisquater
    • 1
  1. 1.Dept. ESAT/SCD-COSICKatholieke Universiteit LeuvenLeuven-HeverleeBelgium

Personalised recommendations