Skip to main content
SpringerLink
Log in

Linear hulls with correlation zero and linear cryptanalysis of block ciphers

  • Published:
Designs, Codes and Cryptography Aims and scope Submit manuscript

Abstract

Linear cryptanalysis, along with differential cryptanalysis, is an important tool to evaluate the security of block ciphers. This work introduces a novel extension of linear cryptanalysis: zero-correlation linear cryptanalysis, a technique applicable to many block cipher constructions. It is based on linear approximations with a correlation value of exactly zero. For a permutation on n bits, an algorithm of complexity 2n-1 is proposed for the exact evaluation of correlation. Non-trivial zero-correlation linear approximations are demonstrated for various block cipher structures including AES, balanced Feistel networks, Skipjack, CLEFIA, and CAST256. As an example, using the zero-correlation linear cryptanalysis, a key-recovery attack is shown on 6 rounds of AES-192 and AES-256 as well as 13 rounds of CLEFIA-256.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Biham E.: On Matsui’s linear cryptanalysis. In: EUROCRYPT’94, vol. 950, Lecture Notes in Computer Science, pp. 341–355. Springer, Heidelberg (1995).

  2. Biham E., Biryukov A., Shamir A.: Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials. In: EUROCRYPT’99, LNCS, pp. 12–23. Springer, Heidelberg (1999).

  3. Biham E., Keller N.: Cryptanalysis of reduced variants of rijndael. http://www.madchat.fr/crypto/codebreakers/35-ebiham.pdf (1999). Accessed Oct 2011

  4. Biham E., Shamir A.: Differential cryptanalysis of DES-like cryptosystems. In: Alfred, M., Scott, A.V. (eds) CRYPTO’90, LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1990)

    Google Scholar 

  5. Bogdanov A., Wang M.: Zero correlation linear cryptanalysis with reduced data complexity. In: FSE’12, LNCS. Springer, Heidelberg (2012).

  6. Borst J, Knudsen L.R., Rijmen V.: Two attacks on reduced IDEA. In: Fumy, W. (ed.) EUROCRYPT’97, LNCS, pp. 1–13. Springer, Heidelberg (1997)

    Google Scholar 

  7. Choy J., Yap H.: Impossible boomerang attack for block cipher structures. In: Tsuyoshi, T., Masahiro, M. (eds.) IWSEC’09, LNCS, vol. 5824, pp. 22–37. Springer, Heidelberg (2009)

    Google Scholar 

  8. Collard B., Standaert F.-X.: Experimenting linear cryptanalysis. In: Junod, P., Canteaut, A. (eds.) Advanced Linear Cryptanalysis of Block and Stream Ciphers, Cryptology and Information Security Series, vol. 7, IOS Press, Amsterdam (2011)

    Google Scholar 

  9. Daemen J., Govaerts R., Vandewalle J.: Correlation matrices. In: Preneel, B. (ed.) Fast Software Encryption, LNCS, vol. 1008, pp. 275–285. Springer, Heidelberg (1994)

    Google Scholar 

  10. Daemen J., Rijmen V.: The design of rijndael: AES—the advanced encryption standard. Springer, Heidelberg (2002)

    Book  Google Scholar 

  11. Daemen J., Rijmen V.: Probability distributions of correlation and differentials in block ciphers. J. Math. Cryptol. 1(3), 221–242 (2007)

    Article  MATH  MathSciNet  Google Scholar 

  12. Etrog J., Robshaw M.J.B.: On unbiased linear approximations. In: ACISP’10, LNCS, vol. 6168, pp. 74–86. Springer, Heidelberg (2010).

  13. FIPS: Advanced Encryption Standard. Publication 197. National Bureau of Standards, U.S. Department of Commerce, (2001).

  14. Lu J., Dunkelman O., Keller N., Kim J.: New impossible differential attacks on AES. In: INDOCRYPT’08, LNCS, pp. 279–293. Springer, Heidelberg (2008).

  15. Matsui M.: Linear cryptoanalysis method for DES cipher. In: EUROCRYPT’93, LNCS, pp. 386–397. Springer, Heidelberg, (1993).

  16. Matyas S.M., Meyer C.H., Oseas J.: Generating strong one-way functions with cryptographic algorithm. IBM Tech. Discl. Bull. 27, 5658–5659 (1985)

    Google Scholar 

  17. Nyberg K.: Linear approximation of block ciphers. In: EUROCRYPT’94, LNCS, pp. 439–444. Springer, Heidelberg (1994).

  18. Nyberg K.: Correlation theorems in cryptanalysis. Discret. Appl. Math. 111(1–2), 177–188 (2001)

    Article  MATH  MathSciNet  Google Scholar 

  19. O’Connor L.: Properties of linear approximation tables. In: Preneel B. (ed.) FSE. LNCS, vol. 1008, pp. 131–136 (1994).

  20. Röck A., Nyberg K.: Exploiting linear hull in Matsui’s algorithm vol. 1, (2011).

  21. Shirai T., Shibutani K., Akishita T., Moriai S., Iwata T.: The 128-Bit Blockcipher CLEFIA (Extended Abstract). In: FSE’07, LNCS, pp. 181–195. Springer, Heidelberg (2007).

  22. Sung J., Lee S., Lim Jong I., Hong S., Park S.: Provable security for the skipjack-like structure against differential cryptanalysis and linear cryptanalysis. In: Okamoto T. (ed.) ASIACRYPT2000, LNCS, pp. 274–288 (1976).

  23. Tsunoo Y., Tsujihara E., Shigeri M., Saito T., Suzaki T., Kubo H.: Impossible differential cryptanalysis of CLEFIA. In: FSE’08, LNCS, pp. 398–411. Springer, Heidelberg (2008).

  24. Vaudenay S.: Decorrelation: A theory for block cipher security. J. Cryptol. 16(4), 249–286 (2003)

    Article  MATH  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of ESAT and IBBT Security Department, KU Leuven, Kasteelpark Arenberg 10, 3001, Heverlee, Belgium

    Andrey Bogdanov & Vincent Rijmen

Authors
  1. Andrey Bogdanov
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vincent Rijmen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Andrey Bogdanov.

Additional information

Communicated by L. R. Knudsen.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Bogdanov, A., Rijmen, V. Linear hulls with correlation zero and linear cryptanalysis of block ciphers. Des. Codes Cryptogr. 70, 369–383 (2014). https://doi.org/10.1007/s10623-012-9697-z

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10623-012-9697-z

Keywords

Mathematical Subject Classification

Search

Navigation