Abstract
Matsui introduced the concept of linear cryptanalysis. Originally only one active S-box per round was used. Later he and Biham proposed linear cryptanalysis with more than one active S-box per round. They combine equations with the Piling-up Lemma which requires independent random input variables. This requirement is not met for neighbouring S-boxes, because they share input bits. In this paper we study the error resulting from this application of the Piling-up Lemma. We give statistical evidence that the errors are severe. On the other hand we show that the Piling-up Lemma gives the correct probabilities for Matsui's Type II approximation.
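The effect described in the abstract can be reproduced on a toy scale. The following is an added example, not code from the paper: `f` and `g` are constructed 4-bit Boolean functions standing in for the error terms of two S-box approximations (they are not DES S-boxes), and the helper names are hypothetical. It compares the exact bias of their XOR with the Piling-up Lemma's prediction, first with disjoint inputs and then with input windows that overlap in two bits.

```python
from fractions import Fraction

def bias(fn, nbits):
    """Bias (p - 1/2) of the event fn(x) == 0 for uniform nbits-bit x."""
    zeros = sum(1 for x in range(1 << nbits) if fn(x) == 0)
    return Fraction(zeros, 1 << nbits) - Fraction(1, 2)

def piling_up(biases):
    """Piling-up Lemma: bias of the XOR of n *independent* binary terms,
    i.e. 2^(n-1) times the product of the individual biases."""
    result = Fraction(1, 2)
    for e in biases:
        result *= 2 * e
    return result

def combined_bias(f, g, width, shared):
    """Exact bias of f(a) ^ g(b) == 0 when a and b overlap in `shared` bits.

    a is the low `width` bits of x and b is the high `width` bits, so the
    two windows overlap in the middle, like neighbouring S-box inputs.
    """
    total = 2 * width - shared
    mask = (1 << width) - 1
    def xor_term(x):
        return f(x & mask) ^ g(x >> (width - shared))
    return bias(xor_term, total)

# Constructed toy functions (assumptions for illustration only).
def f(a):  # a3 AND (a0 OR a2)
    return ((a >> 3) & 1) & ((a | (a >> 2)) & 1)

def g(b):  # b1 AND (b0 OR b3)
    return ((b >> 1) & 1) & ((b | (b >> 3)) & 1)

if __name__ == "__main__":
    predicted = piling_up([bias(f, 4), bias(g, 4)])
    print("piling-up prediction :", predicted)
    print("exact, disjoint input:", combined_bias(f, g, 4, shared=0))
    print("exact, 2 shared bits :", combined_bias(f, g, 4, shared=2))
```

With disjoint inputs the exact bias equals the prediction; with two shared bits the exact bias is twelve times larger, because the two terms are no longer independent.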
References
Eli Biham. On Matsui's linear cryptanalysis. In Pre-proceedings of Eurocrypt '94, pages 349–361, 1994.
Mitsuru Matsui. Linear cryptanalysis of DES cipher (I) (Version 1.03). Preprint.
Mitsuru Matsui. Linear cryptanalysis method for DES cipher. In Advances in Cryptology — Eurocrypt '93, number 765 in Lecture Notes in Computer Science, pages 386–397. Springer-Verlag, 1993.
Mitsuru Matsui. On correlation between the order of S-boxes and the strength of DES. In Pre-proceedings of Eurocrypt '94, pages 377–387, 1994.
National Bureau of Standards. Data Encryption Standard. FIPS Publ. 46, Washington, DC, 1977.
Copyright information
© 1995 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Blöcher, U., Dichtl, M. (1995). Problems with the linear cryptanalysis of DES using more than one active S-box per round. In: Preneel, B. (eds) Fast Software Encryption. FSE 1994. Lecture Notes in Computer Science, vol 1008. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-60590-8_20
DOI: https://doi.org/10.1007/3-540-60590-8_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60590-4
Online ISBN: 978-3-540-47809-6
eBook Packages: Springer Book Archive