
Linear Cryptanalysis for Block Ciphers

  • Reference work entry
Encyclopedia of Cryptography and Security

Linear cryptanalysis is a powerful method of cryptanalysis of block ciphers introduced by Matsui in 1993 [1]. The attack in its current form was first applied to the Data Encryption Standard (DES), but an early variant of linear cryptanalysis, developed by Matsui and Yamagishi, was already successfully used to attack FEAL in 1992 [12]. Linear cryptanalysis is a known plaintext attack in which the attacker studies probabilistic linear relations (called linear approximations) between parity bits of the plaintext, the ciphertext, and the secret key. Given an approximation with high probability, the attacker obtains an estimate for the parity bit of the secret key by analyzing the parity bits of the known plaintexts and ciphertexts. Using auxiliary techniques he can usually extend the attack to find more bits of the secret key.
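The key-parity estimation described above, as an added worked example that is not part of the encyclopedia entry: Matsui's Algorithm 1 run against a constructed toy cipher c = S(p XOR k1) XOR k2 on 4-bit blocks. The S-box is the one from the PRESENT cipher; the cipher structure, mask selection and all function names are assumptions made for the illustration.

```python
# Added worked example (not from the encyclopedia entry): Matsui's Algorithm 1
# on a constructed toy cipher c = S(p ^ k1) ^ k2 with 4-bit blocks.
# The S-box is the PRESENT S-box; everything else here is an assumption.

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
N_BITS = 4

def parity(x: int) -> int:
    """XOR of all bits of x; parity(a & x) is the parity bit selected by mask a."""
    return bin(x).count("1") & 1

def encrypt(p: int, k1: int, k2: int) -> int:
    """Toy cipher (constructed): key whitening, one S-box, key whitening."""
    return SBOX[p ^ k1] ^ k2

def lat_entry(a: int, b: int) -> int:
    """Linear approximation table entry: #{x : a.x = b.S(x)} - 2^(n-1).
    Positive means a.x ^ b.S(x) = 0 holds more often than not."""
    agree = sum(parity(a & x) == parity(b & SBOX[x]) for x in range(1 << N_BITS))
    return agree - (1 << (N_BITS - 1))

def best_approximation() -> tuple[int, int, int]:
    """Return (a, b, lat) with the largest |lat| over non-zero input/output masks."""
    return max(((a, b, lat_entry(a, b)) for a in range(1, 1 << N_BITS)
                for b in range(1, 1 << N_BITS)), key=lambda t: abs(t[2]))

def algorithm1(pairs, a: int, b: int, lat: int) -> int:
    """Matsui's Algorithm 1. With x = p ^ k1 the toy cipher gives
    a.p ^ b.c = (a.x ^ b.S(x)) ^ a.k1 ^ b.k2, so the key parity K = a.k1 ^ b.k2
    equals the value that a.p ^ b.c takes with probability 1/2 + lat/2^n.
    Count T = #{(p, c) : a.p ^ b.c = 0}; if T > N/2 the majority value is 0."""
    n = len(pairs)
    t = sum(parity(a & p) ^ parity(b & c) == 0 for p, c in pairs)
    majority = 0 if t > n / 2 else 1
    # When the approximation holds with probability < 1/2 (lat < 0), the key
    # parity is the minority value instead.
    return majority if lat > 0 else majority ^ 1

def recover_key_parity(k1: int, k2: int) -> tuple[int, int]:
    """Run the attack with all 2^n plaintexts known; return (guess, true parity)."""
    a, b, lat = best_approximation()
    pairs = [(p, encrypt(p, k1, k2)) for p in range(1 << N_BITS)]
    return algorithm1(pairs, a, b, lat), parity(a & k1) ^ parity(b & k2)

if __name__ == "__main__":
    a, b, lat = best_approximation()
    print(f"best masks a={a:#x} b={b:#x}, approximation holds w.p. {(8 + lat) / 16}")
    print(recover_key_parity(0x3, 0xA))
```

With every plaintext known the counts are exact and the recovered parity bit is always correct; with a random subset of N known plaintexts the success probability grows with N times the square of the bias, which is why a small bias costs many known plaintexts.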

The next section provides some more details about the attack algorithm. Sections “Piling-up Lemma,” to “Provable security against linear cryptanalysis” discuss a...


References

  1. Biham, E. (1995). “On Matsui's linear cryptanalysis.” Advances in Cryptology—EUROCRYPT'94, Lecture Notes in Computer Science, vol. 950, ed. A. De Santis. Springer-Verlag, Berlin, 341–355.

  2. Biryukov, A., C. De Cannière, and M. Quisquater (2004). “On multiple linear approximations.” Advances in Cryptology—CRYPTO 2004, Lecture Notes in Computer Science, vol. 3152, ed. M. Franklin. Springer-Verlag, Berlin, 1–22.

  3. Desmedt, Y.G., ed. (1994). Advances in Cryptology—CRYPTO'94, Lecture Notes in Computer Science, vol. 839. Springer-Verlag, Berlin.

  4. Harpes, C. and J.L. Massey (1997). “Partitioning cryptanalysis.” Fast Software Encryption, FSE'97, Lecture Notes in Computer Science, vol. 1267, ed. E. Biham. Springer-Verlag, Berlin, 13–27.

  5. Hong, S., S. Lee, J. Lim, J. Sung, D. Cheon, and I. Cho (2000). “Provable security against differential and linear cryptanalysis for the SPN structure.” Fast Software Encryption, FSE 2000, Lecture Notes in Computer Science, vol. 1978, ed. B. Schneier. Springer-Verlag, Berlin, 273–283.

  6. Junod, P. and S. Vaudenay (2003). “Optimal key ranking procedures in a statistical cryptanalysis.” Fast Software Encryption, FSE 2003, Lecture Notes in Computer Science, vol. 2887, ed. T. Johansson. Springer-Verlag, Berlin, 1–15.

  7. Kaliski, B.S. and M.J. Robshaw (1994). “Linear cryptanalysis using multiple approximations.” Advances in Cryptology—CRYPTO'94, Lecture Notes in Computer Science, vol. 839, ed. Y.G. Desmedt. Springer-Verlag, Berlin, 26–39.

  8. Keliher, L., H. Meijer, and S.E. Tavares (2001). “New method for upper bounding the maximum average linear hull probability for SPNs.” Advances in Cryptology—EUROCRYPT 2001, Lecture Notes in Computer Science, vol. 2045, ed. B. Pfitzmann. Springer-Verlag, Berlin, 420–436.

  9. Knudsen, L.R. and J.E. Mathiassen (2001). “A chosen-plaintext linear attack on DES.” Fast Software Encryption, FSE 2000, Lecture Notes in Computer Science, vol. 1978, ed. B. Schneier. Springer-Verlag, Berlin, 262–272.

  10. Knudsen, L.R. and W. Meier (2000). “Correlations in RC6 with a reduced number of rounds.” Fast Software Encryption, FSE 2000, Lecture Notes in Computer Science, vol. 1978, ed. B. Schneier. Springer-Verlag, Berlin, 94–108.

  11. Knudsen, L.R. and M.J.B. Robshaw (1996). “Non-linear approximations in linear cryptanalysis.” Advances in Cryptology—EUROCRYPT'96, Lecture Notes in Computer Science, vol. 1070, ed. U. Maurer. Springer-Verlag, Berlin, 224–236.

  12. Matsui, M. (1993). “Linear cryptanalysis method for DES cipher.” Advances in Cryptology—EUROCRYPT'93, Lecture Notes in Computer Science, vol. 765, ed. T. Helleseth. Springer-Verlag, Berlin, 386–397.

  13. Matsui, M. and A. Yamagishi (1993). “A new method for known plaintext attack of FEAL cipher.” Advances in Cryptology—EUROCRYPT'92, Lecture Notes in Computer Science, vol. 658, ed. R.A. Rueppel. Springer-Verlag, Berlin, 81–91.

  14. Matsui, M. (1994). “The first experimental cryptanalysis of the Data Encryption Standard.” Advances in Cryptology—CRYPTO'94, Lecture Notes in Computer Science, vol. 839, ed. Y.G. Desmedt. Springer-Verlag, Berlin, 1–11.

  15. Matsui, M. (1995). “On correlation between the order of S-boxes and the strength of DES.” Advances in Cryptology—EUROCRYPT'94, Lecture Notes in Computer Science, vol. 950, ed. A. De Santis. Springer-Verlag, Berlin, 366–375.

  16. Nyberg, K. (1995). “Linear approximations of block ciphers.” Advances in Cryptology—EUROCRYPT'94, Lecture Notes in Computer Science, vol. 950, ed. A. De Santis. Springer-Verlag, Berlin, 439–444.

  17. Nyberg, K. and L.R. Knudsen (1995). “Provable security against a differential attack.” Journal of Cryptology, 8 (1), 27–38.

  18. De Santis, A., ed. (1995). Advances in Cryptology—EUROCRYPT'94, Lecture Notes in Computer Science, vol. 950. Springer-Verlag, Berlin.

  19. Selcuk, A.A. (2002). “On probability of success in differential and linear cryptanalysis.” Technical Report, Network Systems Lab, Department of Computer Science, Purdue University. Previously published at SCN 2002.

  20. Shimoyama, T. and T. Kaneko (1998). “Quadratic relation of S-box and its application to the linear attack of full round DES.” Advances in Cryptology—CRYPTO'98, Lecture Notes in Computer Science, vol. 1462, ed. H. Krawczyk. Springer-Verlag, Berlin, 200–211.

  21. Shimoyama, T., S. Moriai, T. Kaneko, and S. Tsujii (1999). “Improved higher order differential attack and its application to Nyberg-Knudsen's designed block cipher.” IEICE Transactions on Fundamentals, E82-A (9), 1971–1980. http://search.ieice.or.jp/1999/files/e000a09.htm#e82-a,9,1971

  22. Vaudenay, S. (1996). “On the weak keys of Blowfish.” Fast Software Encryption, FSE'96, Lecture Notes in Computer Science, vol. 1039, ed. D. Gollmann. Springer-Verlag, Berlin, 27–32.

  23. Vaudenay, S. (2003). “Decorrelation: A theory for block cipher security.” Journal of Cryptology, 16 (4), 249–286.

  24. Wagner, D. (1999). “The boomerang attack.” Fast Software Encryption, FSE'99, Lecture Notes in Computer Science, vol. 1636, ed. L.R. Knudsen. Springer-Verlag, Berlin, 156–170.

© 2005 International Federation for Information Processing

About this entry

Cite this entry

Biryukov, A., De Cannière, C. (2005). Linear Cryptanalysis for Block Ciphers. In: van Tilborg, H.C.A. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA . https://doi.org/10.1007/0-387-23483-7_233

Download citation

Publish with us

Policies and ethics