Abstract
In this paper a new variant of the linear cryptanalysis method for block ciphers is proposed. It is based on the existing method of multidimensional linear cryptanalysis, but offers the option of discarding a whole half-space of linear approximations that does not contribute to the statistical nonrandomness exploited by multidimensional linear cryptanalysis, keeping only the information extracted from the remaining affine subspace for statistical inference. The connections of the new affine cryptanalysis to conditional linear cryptanalysis and multiple linear cryptanalysis are also described and demonstrated in the context of state-of-the-art ciphers.
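The split described in the abstract can be made concrete on a single S-box. The following Python is an added illustration, not code or a result from the paper: it takes a small linear space of input/output mask pairs for the (real) PRESENT S-box, cuts it into a hyperplane and its affine complement, and compares how much capacity (the usual sum of squared correlations, used here as a stand-in for "contribution to nonrandomness") lands in each half. The basis `[(2, 2), (8, 8)]`, the function names and the capacity-based choice of the best hyperplane are this example's own assumptions; the paper's actual statistic is not reproduced.

```python
# Added illustration (not from the paper): split a linear space of mask
# pairs for one S-box into a hyperplane (the discarded half-space) and its
# affine complement (the kept half), and compare the capacity of each.
# The S-box is the real PRESENT S-box; the basis and the capacity-based
# selection of the hyperplane are this example's own assumptions.
from itertools import product

# PRESENT 4-bit S-box (Bogdanov et al., CHES 2007).
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def parity(v):
    """Parity (XOR of all bits) of a non-negative integer."""
    return bin(v).count("1") & 1


def dot(v, w):
    """Inner product over F2 of two equal-length bit tuples."""
    return sum(x & y for x, y in zip(v, w)) & 1


def correlation(sbox, a, b):
    """Correlation c(a, b) of the approximation a.x = b.S(x):
    2^-n * sum_x (-1)^(a.x xor b.S(x)) for an n-bit S-box."""
    n = len(sbox)
    s = sum(1 - 2 * (parity(a & x) ^ parity(b & sbox[x])) for x in range(n))
    return s / n


def span(basis):
    """All 2^m mask pairs in the F2-linear span of m basis pairs (a, b),
    keyed by their coefficient vector (tuple of m bits)."""
    out = {}
    for coeffs in product((0, 1), repeat=len(basis)):
        a = b = 0
        for c, (ba, bb) in zip(coeffs, basis):
            if c:
                a ^= ba
                b ^= bb
        out[coeffs] = (a, b)
    return out


def capacity(sbox, masks):
    """Capacity of a set of mask pairs: sum of squared correlations.
    The zero pair is excluded (its correlation is always 1)."""
    return sum(correlation(sbox, a, b) ** 2
               for (a, b) in masks if (a, b) != (0, 0))


def affine_split(sbox, basis, w):
    """Cut the span of `basis` by the hyperplane {v : <w, v> = 0} on
    coefficient vectors (w is a nonzero bit tuple of length m).
    Returns (capacity of the hyperplane, capacity of its affine complement)."""
    lin = span(basis)
    hyper = [pair for v, pair in lin.items() if dot(v, w) == 0]
    aff = [pair for v, pair in lin.items() if dot(v, w) == 1]
    return capacity(sbox, hyper), capacity(sbox, aff)


def best_affine_split(sbox, basis):
    """Try every hyperplane of the span (one per nonzero w) and return
    (w, discarded capacity, kept capacity) for the w whose affine
    complement keeps the most capacity."""
    best = None
    for w in product((0, 1), repeat=len(basis)):
        if not any(w):
            continue
        dropped, kept = affine_split(sbox, basis, w)
        if best is None or kept > best[2]:
            best = (w, dropped, kept)
    return best


if __name__ == "__main__":
    basis = [(2, 2), (8, 8)]          # assumed basis of mask pairs (a, b)
    for v, (a, b) in span(basis).items():
        print(f"coeffs={v} masks=({a:#x},{b:#x}) c={correlation(PRESENT_SBOX, a, b):+.4f}")
    print("full linear space capacity:", capacity(PRESENT_SBOX, span(basis).values()))
    w, dropped, kept = best_affine_split(PRESENT_SBOX, basis)
    print(f"best hyperplane w={w}: discarded capacity {dropped}, kept (affine) capacity {kept}")
```

For this basis the three nonzero pairs have correlations +1/4, -1/4 and 0, so the hyperplane spanned by the zero-correlation pair (10, 10) can be discarded without losing any capacity, while the affine complement {(2, 2), (8, 8)} carries all of it. With a different basis the discarded half usually keeps some capacity, which is exactly the trade-off the paper's statistic is meant to handle.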
Acknowledgements
I wish to thank Eli Biham for discussions related to conditional linear cryptanalysis and Céline Blondeau for suggestions on how to improve the presentation. The comments of the anonymous reviewers are also gratefully acknowledged.
This article is part of the Topical Collection on Special Issue: Mathematical Methods for Cryptography
Cite this article
Nyberg, K. Affine linear cryptanalysis. Cryptogr. Commun. 11, 367–377 (2019). https://doi.org/10.1007/s12095-018-0325-2
Keywords
- Block cipher
- Linear cryptanalysis
- Linear approximation
- Multidimensional linear cryptanalysis
- Multiple linear cryptanalysis
- Conditional linear cryptanalysis