Another Look at Differential-Linear Attacks
Pages 116 - 136
Abstract
Differential-Linear (DL) cryptanalysis is a well known cryptanalytic technique that combines differential and linear cryptanalysis. Over the years, multiple techniques were proposed to increase its strength. Two recent ones are: The partitioning technique by Leurent and the use of neutral bits adapted by Beierle et al. to DL cryptanalysis.
In this paper we compare these techniques and discuss the possibility of using them together to achieve the best possible DL attacks. We study the combination of these two techniques and show that in many cases they are indeed compatible. We demonstrate the strength of the combination in two ways. First, we present the first DL attack on 4-round Xoodyak and an extension to 5-round in the related key model. We show that the attacks are possible only by using these two techniques simultaneously. In addition, using the combination of the two techniques we improve a DL attack on 9-round DES. We show that the partitioning technique mainly reduces the time complexity, and the use of neutral bits mainly reduces the data complexity, while the combination of them reduces both the time and data complexities.
References
[1]
Data Encryption Standard, Federal Information Processing Standards publications no. 46, 1977
[2]
Aumasson J-P, Fischer S, Khazaei S, Meier W, and Rechberger C Nyberg K New features of Latin dances: analysis of salsa, ChaCha, and rumba Fast Software Encryption 2008 Heidelberg Springer 470-488
[3]
Bar-On A, Dunkelman O, Keller N, and Weizman A Ishai Y and Rijmen V DLCT: a new tool for differential-linear cryptanalysis Advances in Cryptology – EUROCRYPT 2019 2019 Cham Springer 313-342
[4]
Beierle C, Leander G, and Todo Y Micciancio D and Ristenpart T Improved differential-linear attacks with applications to ARX ciphers Advances in Cryptology – CRYPTO 2020 2020 Cham Springer 329-358
[5]
Bernstein DJ Robshaw M and Billet O The Salsa20 family of stream ciphers New Stream Cipher Designs 2008 Heidelberg Springer 84-97
[6]
Biham E and Carmeli Y Joux A and Youssef A An improvement of linear cryptanalysis with addition operations with applications to FEAL-8X Selected Areas in Cryptography – SAC 2014 2014 Cham Springer 59-76
[7]
Biham E and Chen R Franklin M Near-collisions of SHA-0 Advances in Cryptology – CRYPTO 2004 2004 Heidelberg Springer 290-305
[8]
Biham E, Dunkelman O, and Keller N Zheng Y Enhancing differential-linear cryptanalysis Advances in Cryptology — ASIACRYPT 2002 2002 Heidelberg Springer 254-266
[9]
Biham E, Dunkelman O, and Keller N Pfitzmann B The rectangle attack — rectangling the serpent Advances in Cryptology — EUROCRYPT 2001 2001 Heidelberg Springer 340-357
[10]
Biham E and Shamir A Differential cryptanalysis of DES-like cryptosystems J. Cryptol. 1991 4 1 3-72
[11]
Blondeau C, Leander G, and Nyberg K Differential-linear cryptanalysis revisited J. Cryptol. 2017 30 3 859-888
[12]
Blondeau C and Nyberg K Johansson T and Nguyen PQ New links between differential and linear cryptanalysis Advances in Cryptology – EUROCRYPT 2013 2013 Heidelberg Springer 388-404
[13]
Chabaud F and Vaudenay S De Santis A Links between differential and linear cryptanalysis Advances in Cryptology — EUROCRYPT’94 1995 Heidelberg Springer 356-365
[14]
Daemen J, Hoffert S, Van Assche G, and Van Keer R The design of Xoodoo and Xoofff IACR Trans. Symmetric Cryptol. 2018 2018 4 1-38
[15]
Daemen J, Hoffert S, Peeters M, Van Assche G, and Van Keer R Xoodyak, a lightweight cryptographic scheme IACR Trans. Symmetric Cryptol. 2020 2020 1 60-87
[16]
Daemen J and Rijmen V Honary B The wide trail design strategy Cryptography and Coding 2001 Heidelberg Springer 222-238
[17]
Dey, S., Garai, H.K., Sarkar, S., Sharma, N.K.: Revamped differential-linear cryptanalysis on reduced round ChaCha. In: Dunkelman, O., Dziembowski, S. (eds.) Advances in Cryptology – EUROCRYPT 2022. EUROCRYPT 2022. LNCS, vol. 13277, pp. 86–114. Springer, Cham (2022).
[18]
Dunkelman O, Keller N, and Shamir A A practical-time related-key attack on the KASUMI cryptosystem used in GSM and 3G telephony J. Cryptol. 2014 27 4 824-849
[19]
Kelsey J, Kohno T, and Schneier B Goos G, Hartmanis J, van Leeuwen J, and Schneier B Amplified boomerang attacks against reduced-round MARS and serpent Fast Software Encryption 2001 Heidelberg Springer 75-93
[20]
Knudsen LR and Mathiassen JE Goos G, Hartmanis J, van Leeuwen J, and Schneier B A chosen-plaintext linear attack on DES Fast Software Encryption 2001 Heidelberg Springer 262-272
[21]
Langford SK and Hellman ME Desmedt YG Differential-linear cryptanalysis Advances in Cryptology — CRYPTO ’94 1994 Heidelberg Springer 17-25
[22]
Leurent G Fischlin M and Coron J-S Improved differential-linear cryptanalysis of 7-round Chaskey with partitioning Advances in Cryptology – EUROCRYPT 2016 2016 Heidelberg Springer 344-371
[23]
Liu, F., Isobe, T., Meier, W., Yang, Z.: Algebraic Attacks on Round-Reduced Keccak/Xoodoo. IACR Cryptol. ePrint Arch., p. 346 (2020)
[24]
Liu Y, Sun S, and Li C Canteaut A and Standaert F-X Rotational cryptanalysis from a differential-linear perspective Advances in Cryptology – EUROCRYPT 2021 2021 Cham Springer 741-770
[25]
Liu Z, Gu D, Zhang J, and Li W Bao F, Yung M, Lin D, and Jing J Differential-multiple linear cryptanalysis Information Security and Cryptology 2010 Heidelberg Springer 35-49
[26]
Jiqiang L A methodology for differential-linear cryptanalysis and its applications Des. Codes Cryptogr. 2015 77 1 11-48
[27]
Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (eds.) Advances in Cryptology — EUROCRYPT ’93. EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Berlin, Heidelberg (1994).
[28]
Miyaguchi S Menezes AJ and Vanstone SA The FEAL cipher family Advances in Cryptology-CRYPT0’ 90 1991 Heidelberg Springer 628-638
[29]
Mouha N, Mennink B, Van Herrewege A, Watanabe D, Preneel B, and Verbauwhede I Joux A and Youssef A Chaskey: an efficient MAC algorithm for 32-bit microcontrollers Selected Areas in Cryptography – SAC 2014 2014 Cham Springer 306-323
[30]
Nyberg K and Knudsen LR Brickell EF Provable security against differential cryptanalysis Advances in Cryptology — CRYPTO’ 92 1993 Heidelberg Springer 566-574
[31]
Selcuk, A.A.: On probability of success in linear and differential cryptanalysis. J. Cryptol. 21(1), 131–147 (2008)
[32]
Wagner D Knudsen L The boomerang attack Fast Software Encryption 1999 Heidelberg Springer 156-170
Recommendations
A methodology for differential-linear cryptanalysis and its applications
Differential and linear cryptanalyses are powerful techniques for analysing the security of a block cipher. In 1994 Langford and Hellman published a combination of differential and linear cryptanalysis under two default independence assumptions, known ...
A methodology for differential-linear cryptanalysis and its applications
FSE'12: Proceedings of the 19th international conference on Fast Software EncryptionIn 1994 Langford and Hellman introduced a combination of differential and linear cryptanalysis under two default independence assumptions, known as differential-linear cryptanalysis, which is based on the use of a differential-linear distinguisher ...
Differential-multiple linear cryptanalysis
Inscrypt'09: Proceedings of the 5th international conference on Information security and cryptologyDifferential-linear cryptanalysis was introduced by Langford et al in 1994. After that, Biham et al proposed an enhanced differential-linear cryptanalysis in 2002. In this paper, we present an extension to the enhanced differential-linear cryptanalysis, ...
Comments
Information & Contributors
Information
Published In
Aug 2022
484 pages
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 12 May 2024
Author Tags
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 01 Jan 2025