Linear Cryptanalysis of ARIA Block Cipher
In this paper, we firstly present an approach to derive a kind of special linear characteristics for byte-oriented SPN block ciphers. Then based on this approach, we study the security of the block cipher ARIA against linear cryptanalysis and propose an attack on 7-round ARIA with 128/192/256-bit key size, an attack on 9-round ARIA with 192/256-bit key size as well as an attack on 11-round ARIA with 256-bit key size. The designers of ARIA expect that there isn’t any effective attack on 8 or more rounds of ARIA with 128/192/256-bit key size by means of linear cryptanalysis. However, our work shows that such attacks do exist. Moreover, our cryptanalytic results are the best known cryptanalytic results of ARIA so far.
KeywordsCryptanalysis Linear cryptanalysis Block cipher ARIA
Unable to display preview. Download preview PDF.
- 2.National Security Research Institute, Korea. Specification of ARIA. Version 1.0 (2005)Google Scholar
- 3.Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)Google Scholar
- 9.Li, R., Sun, B., Zhang, P., Li, C.: New Impossible Differentials of ARIA. Cryptology ePrint Archive, Report 2008/227 (2008), http://eprint.iacr.org/
- 15.Tang, X., Sun, B., Li, R., Li, C.: A Meet-in-the-middle Attack on ARIA. Cryptology ePrint Archive, Report 2010/168 (2010), http://eprint.iacr.org/