Abstract
Linear cryptanalysis, along with differential cryptanalysis, is an important tool to evaluate the security of block ciphers. This work introduces a novel extension of linear cryptanalysis: zero-correlation linear cryptanalysis, a technique applicable to many block cipher constructions. It is based on linear approximations with a correlation value of exactly zero. For a permutation on n bits, an algorithm of complexity 2^(n-1) is proposed for the exact evaluation of correlation. Non-trivial zero-correlation linear approximations are demonstrated for various block cipher structures including AES, balanced Feistel networks, Skipjack, CLEFIA, and CAST256. As an example, using the zero-correlation linear cryptanalysis, a key-recovery attack is shown on 6 rounds of AES-192 and AES-256 as well as 13 rounds of CLEFIA-256.
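The abstract rests on two objects: the correlation c(a, b) = 2^(-n) * sum_x (-1)^(a.x xor b.S(x)) of a linear approximation, and the fact that for a permutation it can be obtained from only 2^(n-1) evaluations. The Python below is an added example, not code from the paper or its authors: it builds the full correlation table of a published S-box two ways (the plain 2^n-term sum, and a count over only the 2^(n-1) inputs with a.x = 0), checks that they agree, and lists the non-trivial mask pairs whose correlation is exactly zero. The half-size derivation in walsh_half is my own reasoning for a bijective S with non-zero masks; the paper's algorithm is not reproduced here. The S-box tables are the published AES (FIPS-197) and PRESENT S-boxes, used purely as constructed input.

```python
"""Exact correlation of linear approximations of an n-bit S-box, and the
mask pairs (a, b) with correlation exactly zero.  Added example; the
half-size method is a derivation for permutations, not the paper's code."""
from fractions import Fraction

# Constructed inputs: the published AES (FIPS-197) and 4-bit PRESENT S-boxes.
AES_SBOX = list(bytes.fromhex(
    "637c777bf26b6fc53001672bfed7ab76ca82c97dfa5947f0add4a2af9ca472c0"
    "b7fd9326363ff7cc34a5e5f171d8311504c723c31896059a071280e2eb27b275"
    "09832c1a1b6e5aa0523bd6b329e32f8453d100ed20fcb15b6acbbe394a4c58cf"
    "d0efaafb434d338545f9027f503c9fa851a3408f929d38f5bcb6da2110fff3d2"
    "cd0c13ec5f974417c4a77e3d645d197360814fdc222a908846eeb814de5e0bdb"
    "e0323a0a4906245cc2d3ac629195e479e7c8376d8dd54ea96c56f4ea657aae08"
    "ba78252e1ca6b4c6e8dd741f4bbd8b8a703eb5664803f60e613557b986c11d9e"
    "e1f8981169d98e949b1e87e9ce5528df8ca1890dbfe6426841992d0fb054bb16"))
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def parity(v):
    """Parity of the bits of v; the GF(2) inner product a.x is parity(a & x)."""
    return bin(v).count("1") & 1


def walsh_naive(sbox, a, b):
    """sum_x (-1)^(a.x xor b.S(x)), evaluating S on all 2^n inputs."""
    return sum(1 - 2 * (parity(a & x) ^ parity(b & sbox[x])) for x in range(len(sbox)))


def kernel(a, n):
    """Generate the 2^(n-1) n-bit inputs x with a.x = 0 (a != 0) directly."""
    pivot = a & -a                       # lowest set bit of a
    for y in range(1 << (n - 1)):
        low = y & (pivot - 1)            # bits of y below the pivot position
        high = (y ^ low) << 1            # remaining bits of y, moved above the pivot
        x = high | low                   # pivot bit of x is still 0 here
        if parity(a & x):
            x |= pivot                   # setting the pivot bit flips a.x back to 0
        yield x


def walsh_half(sbox, a, b):
    """Same sum as walsh_naive from only 2^(n-1) evaluations of S.

    Needs S to be a permutation and a, b != 0.  Let
    N00 = #{x : a.x = 0 and b.S(x) = 0}.  a != 0 gives N00 + N01 = 2^(n-1);
    S bijective and b != 0 gives N00 + N10 = 2^(n-1); with N00+N01+N10+N11 = 2^n
    this forces N11 = N00, so N00 + N11 - N01 - N10 = 4*N00 - 2^n."""
    size = len(sbox)
    if a == 0 or b == 0:                 # trivial masks need no evaluation at all
        return size if a == b == 0 else 0
    n00 = sum(1 for x in kernel(a, size.bit_length() - 1) if not parity(b & sbox[x]))
    return 4 * n00 - size


def correlation(sbox, a, b):
    """c(a, b) as an exact rational number."""
    return Fraction(walsh_half(sbox, a, b), len(sbox))


def walsh_table(sbox):
    """All 2^n x 2^n sums W[a][b], via the half-size enumeration."""
    size = len(sbox)
    if sorted(sbox) != list(range(size)):
        raise ValueError("the half-size method is only valid for a permutation")
    n = size.bit_length() - 1
    par = [parity(v) for v in range(size)]
    kernels = [None] + [list(kernel(a, n)) for a in range(1, size)]
    table = [[0] * size for _ in range(size)]
    table[0][0] = size
    for b in range(1, size):
        out_par = [par[b & s] for s in sbox]             # b.S(x) for every x
        for a in range(1, size):
            ones = sum(map(out_par.__getitem__, kernels[a]))   # x in kernel with b.S(x) = 1
            table[a][b] = 4 * (size // 2 - ones) - size
    return table


def zero_correlation_masks(table):
    """Non-trivial pairs (a, b), both non-zero, with correlation exactly zero."""
    size = len(table)
    return [(a, b) for a in range(1, size) for b in range(1, size) if table[a][b] == 0]


def max_abs_walsh(table):
    size = len(table)
    return max(abs(table[a][b]) for a in range(1, size) for b in range(1, size))


def parseval_holds(table):
    """Sanity check: for every output mask b, sum_a W[a][b]^2 == 2^(2n)."""
    size = len(table)
    return all(sum(table[a][b] ** 2 for a in range(size)) == size * size for b in range(size))


if __name__ == "__main__":
    for name, sbox in (("PRESENT", PRESENT_SBOX), ("AES", AES_SBOX)):
        table = walsh_table(sbox)
        zeros = zero_correlation_masks(table)
        print(f"{name}: max |c(a,b)| = {Fraction(max_abs_walsh(table), len(sbox))}, "
              f"{len(zeros)} non-trivial zero-correlation mask pairs, first: {zeros[:4]}")
```

Two things worth noticing when running it. The single-bit pair (a, b) = (1, 1) of the PRESENT S-box already has correlation exactly zero, so zero correlation is not an exotic property of a whole cipher structure; what the paper adds is finding such approximations over many rounds. And the half-size formula silently gives wrong values for a non-bijective map, because N00 + N10 = 2^(n-1) relies on b.S(x) being balanced; that is why walsh_table refuses anything that is not a permutation.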
Communicated by L. R. Knudsen.
Cite this article
Bogdanov, A., Rijmen, V. Linear hulls with correlation zero and linear cryptanalysis of block ciphers. Des. Codes Cryptogr. 70, 369–383 (2014). https://doi.org/10.1007/s10623-012-9697-z