
On Matsui's linear cryptanalysis

  • Eli Biham
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 950)

Abstract

In [9] Matsui introduced a new method of cryptanalysis, called Linear Cryptanalysis. This method was used to attack DES using 2^47 known plaintexts. In this paper we formalize this method and show that although in the details level this method is quite different from differential cryptanalysis, in the structural level they are very similar. For example, characteristics can be defined in linear cryptanalysis, but the concatenation rule has several important differences from the concatenation rule of differential cryptanalysis. We show that the attack of Davies on DES is closely related to linear cryptanalysis. We describe constraints on the size of S boxes caused by linear cryptanalysis. New results to Feal are also described.

References

  [1] Eli Biham, Adi Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.
  [2] Eli Biham, Adi Shamir, Differential Cryptanalysis of DES-like Cryptosystems, Journal of Cryptology, Vol. 4, No. 1, pp. 3–72, 1991.
  [3] Eli Biham, Adi Shamir, Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer, technical report CS91-18, Department of Applied Mathematics and Computer Science, The Weizmann Institute of Science, 1991. The extended abstract appears in Lecture Notes in Computer Science, Advances in Cryptology, proceedings of CRYPTO'91, pp. 156–171, 1991.
  [4] Don Coppersmith, The Data Encryption Standard (DES) and its Strength Against Attacks, technical report, IBM Thomas J. Watson Research Center, RC 18613 (81421), December 1992.
  [5] D. W. Davies, Investigation of a Potential Weakness in the DES Algorithm, 1987, private communication.
  [6] Xuejia Lai, James L. Massey, Sean Murphy, Markov Ciphers and Differential Cryptanalysis, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT'91, pp. 17–38, 1991.
  [7] Xuejia Lai, On the Design and Security of Block Ciphers, Ph.D. thesis, Swiss Federal Institute of Technology, Zurich, 1992.
  [8] Mitsuru Matsui, Atsuhiro Yamagishi, A New Method for Known Plaintext Attack of FEAL Cipher, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT'92, pp. 81–91, 1992.
  [9] M. Matsui, Linear Cryptanalysis Method for DES Cipher, Abstracts of EUROCRYPT'93, pp. W112–W123, May 1993.
  [10] Ralph C. Merkle, Fast Software Encryption Functions, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of CRYPTO'90, pp. 476–501, 1990.
  [11] Shoji Miyaguchi, Akira Shiraishi, Akihiro Shimizu, Fast Data Encryption Algorithm FEAL-8, Review of electrical communications laboratories, Vol. 36, No. 4, pp. 433–437, 1988.
  [12] Luke O'Connor, On the Distribution of Characteristics in Bijective Mappings, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT'93, to appear.
  [13] Luke O'Connor, On the Distribution of Characteristics in Composite Permutations, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of CRYPTO'93, to appear.
  [14] Adi Shamir, On the Security of DES, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of CRYPTO'85, pp. 280–281, 1985.
  [15] Akihiro Shimizu, Shoji Miyaguchi, Fast Data Encryption Algorithm FEAL, Lecture Notes in Computer Science, Advances in Cryptology, proceedings of EUROCRYPT'87, pp. 267–278, 1987.

Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • Eli Biham (1)
  1. Computer Science Department, Technion - Israel Institute of Technology, Haifa, Israel
