Linear Cryptanalysis of ARIA Block Cipher

  • Zhiqiang Liu
  • Dawu Gu
  • Ya Liu
  • Juanru Li
  • Wei Li
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7043)


In this paper, we first present an approach to deriving a special kind of linear characteristic for byte-oriented SPN block ciphers. Based on this approach, we study the security of the block cipher ARIA against linear cryptanalysis and propose an attack on 7-round ARIA with 128/192/256-bit key size, an attack on 9-round ARIA with 192/256-bit key size, and an attack on 11-round ARIA with 256-bit key size. The designers of ARIA expect that there is no effective attack on 8 or more rounds of ARIA with 128/192/256-bit key size by means of linear cryptanalysis. However, our work shows that such attacks do exist. Moreover, our cryptanalytic results are the best known cryptanalytic results on ARIA so far.


Keywords: Cryptanalysis, Linear cryptanalysis, Block cipher, ARIA



Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Zhiqiang Liu (1)
  • Dawu Gu (1)
  • Ya Liu (1)
  • Juanru Li (1)
  • Wei Li (2, 3)
  1. Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China
  2. School of Computer Science and Technology, Donghua University, Shanghai, China
  3. Shanghai Key Laboratory of Integrate Administration Technologies for Information Security, Shanghai, China
