Related Concepts
Definition
Linear cryptanalysis is a known plaintext attack in which the attacker studies probabilistic linear relations (called linear approximations) between parity bits of the plaintext, the ciphertext, and the secret key. Given an approximation with high probability, the attacker obtains an estimate for the parity bit of the secret key by analyzing the parity bits of the known plaintexts and ciphertexts. Using auxiliary techniques, he or she can usually extend the attack to find more bits of the secret key.
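The mechanism described in the definition, as an added worked example (this code is not part of the encyclopedia entry): Matsui's Algorithm 1 run against a constructed one-round toy cipher. The cipher, its 8-bit block size, the sample key and the choice of the 4-bit S-box from Heys' cryptanalysis tutorial are all assumptions made for this example. The code builds the S-box's linear approximation table, turns each strong S-box approximation a·x = b·S(x) into a cipher approximation a·P ⊕ b·C = a·k0 ⊕ b·k1, and estimates that key parity from known plaintext/ciphertext pairs by a majority count. It also goes one step beyond the single parity bit of the definition: it applies several approximations to collect several key-parity equations (the "multiple approximations" route to more key bits that the reading list covers) and measures empirically how success depends on the number of known plaintexts.

```python
"""
Added example: Matsui's Algorithm 1 on a toy cipher (not from the encyclopedia entry).

Toy cipher (constructed for this example): an 8-bit block, whitened with key k0,
passed through two parallel copies of a 4-bit S-box, then whitened with key k1.
One round is enough to show the mechanism: every linear approximation of the
S-box becomes a linear approximation of the cipher whose "key side" is the
parity a.k0 XOR b.k1.
"""
import random

# 4-bit S-box from Heys' linear/differential cryptanalysis tutorial (assumption)
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def parity(x: int) -> int:
    """XOR of all bits of x, i.e. the parity of a masked value."""
    return bin(x).count("1") & 1


def lat_bias(a: int, b: int) -> float:
    """Bias of the S-box approximation a.x = b.S(x) over all 16 inputs.

    bias = P[a.x XOR b.S(x) = 0] - 1/2, in [-1/2, 1/2]; 0 means useless.
    """
    agree = sum(1 for x in range(16) if parity(x & a) == parity(SBOX[x] & b))
    return agree / 16 - 0.5


def strong_approximations(min_abs_bias: float = 0.25):
    """All non-trivial S-box mask pairs (a, b) with |bias| >= min_abs_bias."""
    return [(a, b, lat_bias(a, b))
            for a in range(1, 16) for b in range(1, 16)
            if abs(lat_bias(a, b)) >= min_abs_bias]


def encrypt(p: int, k0: int, k1: int) -> int:
    """Toy cipher: c = S||S(p XOR k0) XOR k1 on 8-bit values."""
    u = p ^ k0
    v = (SBOX[u >> 4] << 4) | SBOX[u & 0xF]
    return v ^ k1


def algorithm1(pairs, a: int, b: int, bias: float) -> int:
    """Matsui's Algorithm 1: guess the key parity a.k0 XOR b.k1.

    For this cipher a.P XOR b.C = (a.u XOR b.v) XOR (a.k0 XOR b.k1), so the
    count T of pairs with a.P = b.C is above N/2 exactly when the majority
    value of the S-box approximation equals the key parity.
    """
    n = len(pairs)
    t = sum(1 for p, c in pairs if parity(p & a) == parity(c & b))
    # T > N/2 with positive bias, or T < N/2 with negative bias, both mean parity 0
    return 0 if (t > n / 2) == (bias > 0) else 1


def recover_key_parities(pairs, min_abs_bias: float = 0.25):
    """Apply Algorithm 1 with every strong approximation on both S-box positions.

    Returns {(A, B): guessed parity} with A, B 8-bit block masks. Each entry is
    one linear equation in the key bits, which is how several approximations
    yield more than a single key parity bit.
    """
    guesses = {}
    for a, b, bias in strong_approximations(min_abs_bias):
        for shift in (4, 0):            # high S-box, then low S-box
            A, B = a << shift, b << shift
            guesses[(A, B)] = algorithm1(pairs, A, B, bias)
    return guesses


def true_parity(A: int, B: int, k0: int, k1: int) -> int:
    """The parity Algorithm 1 is trying to estimate, computed from the real key."""
    return parity(k0 & A) ^ parity(k1 & B)


def success_rate(a, b, bias, n_known, trials=200, seed=1):
    """Empirical success of Algorithm 1 when only n_known random plaintexts are known."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        k0, k1 = rng.randrange(256), rng.randrange(256)
        pts = rng.sample(range(256), n_known)
        pairs = [(p, encrypt(p, k0, k1)) for p in pts]
        hits += algorithm1(pairs, a, b, bias) == true_parity(a, b, k0, k1)
    return hits / trials


if __name__ == "__main__":
    k0, k1 = 0x3A, 0xC5                                    # constructed sample key
    pairs = [(p, encrypt(p, k0, k1)) for p in range(256)]  # full codebook known
    for (A, B), g in recover_key_parities(pairs).items():
        print(f"mask {A:02x}->{B:02x}: guessed {g}, true {true_parity(A, B, k0, k1)}")
    print("success with 32 known plaintexts:",
          success_rate(0x60, 0xB0, lat_bias(6, 0xB), 32))
```

The sign of the bias matters as much as its magnitude: Algorithm 1 reads the majority count T relative to N/2 and then flips the guess when the S-box approximation is "mostly false" (negative bias), which is why `algorithm1` takes the bias as an argument. With the full codebook every guess is exact; with a random subset the guess becomes a statistical estimate whose reliability grows with the number of known plaintexts and with the square of the bias.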
Background
Linear cryptanalysis is a powerful method of cryptanalysis of block ciphers introduced by Matsui in 1993 [13]. The attack in its current form was first applied to the Data Encryption Standard (DES), but an early variant of linear cryptanalysis, developed by Matsui and Yamagishi, was already successfully used to attack FEAL in 1992 [12].
Theory
The next section provides some more details about the attack algorithm. Sections...
Recommended Reading
Biham E (1995) On Matsui’s linear cryptanalysis. In: De Santis A (ed) Advances in cryptology – EUROCRYPT’94. Lecture notes in computer science, vol 950. Springer, Berlin, pp 341–355
Biryukov A, De Cannière C, Quisquater M (2004) On multiple linear approximations. In: Franklin M (ed) Advances in cryptology – CRYPTO 2004. Lecture notes in computer science, vol 3152. Springer, Berlin, pp 1–22
Desmedt YG (ed) (1994) Advances in cryptology – CRYPTO’94. Lecture notes in computer science, vol 839. Springer, Berlin
Harpes C, Massey JL (1997) Partitioning cryptanalysis. In: Biham E (ed) Fast software encryption – FSE’97. Lecture notes in computer science, vol 1267. Springer, Berlin, pp 13–27
Hong S, Lee S, Lim J, Sung J, Cheon D, Cho I (2000) Provable security against differential and linear cryptanalysis for the SPN structure. In: Schneier B (ed) Fast software encryption – FSE 2000. Lecture notes in computer science, vol 1978. Springer, Berlin, pp 273–283
Junod P, Vaudenay S (2003) Optimal key ranking procedures in a statistical cryptanalysis. In: Johansson T (ed) Fast software encryption – FSE 2003. Lecture notes in computer science, vol 2887. Springer, Berlin, pp 1–15
Kaliski BS, Robshaw MJB (1994) Linear cryptanalysis using multiple approximations. In: Desmedt YG (ed) Advances in cryptology – CRYPTO’94. Lecture notes in computer science, vol 839. Springer, Berlin, pp 26–39
Keliher L, Meijer H, Tavares SE (2001) New method for upper bounding the maximum average linear hull probability for SPNs. In: Pfitzmann B (ed) Advances in cryptology – EUROCRYPT 2001. Lecture notes in computer science, vol 2045. Springer, Berlin, pp 420–436
Knudsen LR, Mathiassen JE (2001) A chosen-plaintext linear attack on DES. In: Schneier B (ed) Fast software encryption – FSE 2000. Lecture notes in computer science, vol 1978. Springer, Berlin, pp 262–272
Knudsen LR, Meier W (2000) Correlations in RC6 with a reduced number of rounds. In: Schneier B (ed) Fast software encryption – FSE 2000. Lecture notes in computer science, vol 1978. Springer, Berlin, pp 94–108
Knudsen LR, Robshaw MJB (1996) Non-linear approximations in linear cryptanalysis. In: Maurer U (ed) Advances in cryptology – EUROCRYPT’96. Lecture notes in computer science, vol 1070. Springer, Berlin, pp 224–236
Matsui M (1993) Linear cryptanalysis method for DES cipher. In: Helleseth T (ed) Advances in cryptology – EUROCRYPT’93. Lecture notes in computer science, vol 765. Springer, Berlin, pp 386–397
Matsui M, Yamagishi A (1993) A new method for known plaintext attack of FEAL cipher. In: Rueppel RA (ed) Advances in cryptology – EUROCRYPT’92. Lecture notes in computer science, vol 658. Springer, Berlin, pp 81–91
Matsui M (1994) The first experimental cryptanalysis of the data encryption standard. In: Desmedt YG (ed) Advances in cryptology – CRYPTO’94. Lecture notes in computer science, vol 839. Springer, Berlin, pp 1–11
Matsui M (1995) On correlation between the order of S-boxes and the strength of DES. In: De Santis A (ed) Advances in cryptology – EUROCRYPT’94. Lecture notes in computer science, vol 950. Springer, Berlin, pp 366–375
Nyberg K (1995) Linear approximations of block ciphers. In: De Santis A (ed) Advances in cryptology – EUROCRYPT’94. Lecture notes in computer science, vol 950. Springer, Berlin, pp 439–444
Nyberg K, Knudsen LR (1995) Provable security against a differential attack. J Cryptol 8(1):27–38
De Santis A (ed) (1995) Advances in cryptology – EUROCRYPT’94. Lecture notes in computer science, vol 950. Springer, Berlin
Selcuk AA (2002) On probability of success in differential and linear cryptanalysis. Technical report, Network Systems Lab, Department of Computer Science, Purdue University. Previously published at SCN 2002
Shimoyama T, Kaneko T (1998) Quadratic relation of S-box and its application to the linear attack of full round DES. In: Krawczyk H (ed) Advances in cryptology – CRYPTO’98. Lecture notes in computer science, vol 1462. Springer, Berlin, pp 200–211
Shimoyama T, Moriai S, Kaneko T, Tsujii S (1999) Improved higher order differential attack and its application to Nyberg-Knudsen’s designed block cipher. IEICE Trans Fundament E82-A(9):1971–1980. http://search.ieice.or.jp/1999/files/e000a09.htm#e82-a,9,1971
Vaudenay S (1996) On the weak keys of Blowfish. In: Gollmann D (ed) Fast software encryption – FSE’96. Lecture notes in computer science, vol 1039. Springer, Berlin, pp 27–32
Vaudenay S (2003) Decorrelation: a theory for block cipher security. J Cryptol 16(4):249–286
Wagner D (1999) The boomerang attack. In: Knudsen LR (ed) Fast software encryption – FSE’99. Lecture notes in computer science, vol 1636. Springer, Berlin, pp 156–170
© 2011 Springer Science+Business Media, LLC
Biryukov, A., De Cannière, C. (2011). Linear Cryptanalysis for Block Ciphers. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_589
DOI: https://doi.org/10.1007/978-1-4419-5906-5_589
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-5905-8
Online ISBN: 978-1-4419-5906-5