Abstract
Linear cryptanalysis is an attack that derives a linear approximation between bits of the plaintext, ciphertext and key. This global approximation is constructed from the linear approximation tables of the nonlinear mappings used by the cipher, usually the S-boxes, as in the case of DES. In this paper we will describe the distribution of these tables for bijective mappings (permutations), concentrating on the expected value of the largest entry, and use our results to construct Feistel ciphers provably resistant to linear cryptanalysis.
The work reported in this paper has been funded in part by the Cooperative Research Centres program through the Department of the Prime Minister and Cabinet of Australia.
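The largest entry of a linear approximation table, the quantity the abstract concentrates on, can be computed directly for small permutations. The following is an added example, not code from the paper: it assumes Matsui's counting convention for the table, uses the published 4-bit S-box of the PRESENT cipher as sample input, and all function names are illustrative.

```python
import random

def parity(v: int) -> int:
    """Parity of the set bits of v, i.e. the GF(2) dot product result."""
    return bin(v).count("1") & 1

def lat(sbox):
    """Linear approximation table of an n-bit permutation.
    Assumed convention: LAT[a][b] = #{x : a.x == b.S(x)} - 2^(n-1)."""
    size = len(sbox)
    if size & (size - 1) or sorted(sbox) != list(range(size)):
        raise ValueError("sbox must be a permutation of 0 .. 2^n - 1")
    half = size // 2
    table = [[0] * size for _ in range(size)]
    for a in range(size):          # input mask
        for b in range(size):      # output mask
            agree = sum(parity(a & x) == parity(b & sbox[x])
                        for x in range(size))
            table[a][b] = agree - half
    return table

def max_entry(table):
    """Largest |entry| over nonzero input and output masks; the trivial
    entry LAT[0][0] = 2^(n-1) carries no information and is skipped."""
    return max(abs(v) for row in table[1:] for v in row[1:])

def mean_max_entry(n_bits, trials, seed=0):
    """Empirical mean of the largest entry over random permutations."""
    rng = random.Random(seed)
    size = 1 << n_bits
    total = 0
    for _ in range(trials):
        perm = list(range(size))
        rng.shuffle(perm)
        total += max_entry(lat(perm))
    return total / trials

# Sample inputs (not from the paper): the PRESENT S-box and the identity map.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
IDENTITY = list(range(16))

if __name__ == "__main__":
    print("PRESENT S-box, largest entry:", max_entry(lat(PRESENT_SBOX)))
    print("identity map, largest entry: ", max_entry(lat(IDENTITY)))
    print("random 4-bit permutations, mean largest entry:",
          mean_max_entry(4, 200))
```

A linear map such as the identity reaches the maximum possible entry 2^(n-1), which is the case a designer must avoid; a well-chosen 4-bit permutation reaches the minimum of 4.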
Copyright information
© 1995 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
O'Connor, L. (1995). Properties of linear approximation tables. In: Preneel, B. (eds) Fast Software Encryption. FSE 1994. Lecture Notes in Computer Science, vol 1008. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-60590-8_10
DOI: https://doi.org/10.1007/3-540-60590-8_10
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60590-4
Online ISBN: 978-3-540-47809-6
eBook Packages: Springer Book Archive