Abstract
Linear cryptanalysis, proposed by Matsui, is one of the most effective attacks on block ciphers; he demonstrated an experimental cryptanalysis of DES at CRYPTO 1994. In this paper we show how to optimize linear cryptanalysis on modern microprocessors. There are currently two methods of implementing it: Method 1 reduces the time complexity by reducing the number of round-function evaluations, and Method 2 applies the fast Fourier transform (FFT). We implement both methods, optimized for modern microprocessors, and compare their computation time to determine which is more appropriate for practical cryptanalysis. The comparative experiments show that the fastest implementation depends on the number of given known plaintexts (KPs) and on the number of guessed key bits; these results give criteria for selecting the method used to implement linear cryptanalysis. Taking the experimental results into account, we implement linear cryptanalysis of FEAL-8X. In 2014, Biham and Carmeli gave an implementation of linear cryptanalysis that recovers the secret key with \(2^{14}\) KPs. Our implementation breaks FEAL-8X with \(2^{12}\) KPs and is the best attack on FEAL-8X in terms of data complexity.
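The contrast between re-evaluating the partial decryption for every key guess and the FFT method can be seen on a toy cipher. The following Python is an added example written for this page, not code from the paper. It builds a one-S-box toy cipher C = S(P ^ k0) ^ k1 with constructed known plaintexts, then computes the 2^n key counters T(k) of Matsui's Algorithm 2 in two ways: brute force over every pair and every key guess, and, following the observation of Collard, Standaert and Quisquater [4] that T(k) is an XOR-convolution of a ciphertext-binned counter vector with the masked partial-decryption table, with three Walsh-Hadamard transforms. The S-box, masks, keys and the noise model that gives the approximation its bias are assumptions of the example.

```python
import random

N_BITS = 8            # width of the ciphertext word the key guess acts on (assumed)
SIZE = 1 << N_BITS    # 2^n key candidates and 2^n counter entries


def parity(x):
    """Parity of the set bits of x: <mask, value> over GF(2) once x = mask & value."""
    return bin(x).count("1") & 1


def wht(vec):
    """Unnormalised fast Walsh-Hadamard transform over Z_2^n, O(n 2^n). Applying it
    twice multiplies the input by 2^n, which is used below as the inverse transform."""
    a = list(vec)
    h = 1
    while h < len(a):
        for i in range(0, len(a), 2 * h):
            for j in range(i, i + h):
                u, v = a[j], a[j + h]
                a[j], a[j + h] = u + v, u - v
        h *= 2
    return a


def make_toy_cipher(seed=1):
    """Toy cipher C = S(P ^ k0) ^ k1 with a seeded random bijective 8-bit S-box (assumed)."""
    rng = random.Random(seed)
    sbox = list(range(SIZE))
    rng.shuffle(sbox)
    inv = [0] * SIZE
    for x, y in enumerate(sbox):
        inv[y] = x
    return sbox, inv, rng


def sample_pairs(n_pairs, k0, k1, sbox, rng, noise_prob=0.25):
    """Constructed known plaintexts. With probability noise_prob the inner state is
    randomised, so <G,P> ^ <G,S^-1(C ^ k1)> = <G,k0> holds with bias (1 - noise_prob)/2."""
    pairs = []
    for _ in range(n_pairs):
        p = rng.randrange(SIZE)
        u = p ^ k0
        if rng.random() < noise_prob:
            u ^= rng.randrange(SIZE)
        pairs.append((p, sbox[u] ^ k1))
    return pairs


def counters_naive(pairs, gamma, inv):
    """Brute force: partially decrypt every pair under every key guess, O(N 2^n)."""
    t = [0] * SIZE
    for k in range(SIZE):
        for p, c in pairs:
            u = inv[c ^ k]
            t[k] += 1 if parity(gamma & p) == parity(gamma & u) else -1
    return t


def counters_fft(pairs, gamma, inv):
    """FFT method: T(k) = sum_x c[x] * g(x ^ k) is a convolution over the XOR group,
    so all 2^n counters come from three Walsh-Hadamard transforms, O(N + n 2^n)."""
    cvec = [0] * SIZE
    for p, c in pairs:
        cvec[c] += 1 if parity(gamma & p) == 0 else -1     # (-1)^<G,P>, binned by C
    gvec = [1 if parity(gamma & inv[y]) == 0 else -1 for y in range(SIZE)]  # (-1)^<G,S^-1(y)>
    prod = [a * b for a, b in zip(wht(cvec), wht(gvec))]
    return [x // SIZE for x in wht(prod)]                  # exact: WHT twice = 2^n * identity


def recover_key(counters):
    """The right key maximises |T(k)|; the sign is the unknown constant <G,k0>."""
    return max(range(SIZE), key=lambda k: abs(counters[k]))


def demo(n_pairs=2048, gamma=0x5B, k0=0x3C, k1=0xA7):
    """Run both counter computations on the same constructed data; returns
    (counters agree, recovered k1, true k1)."""
    sbox, inv, rng = make_toy_cipher()
    pairs = sample_pairs(n_pairs, k0, k1, sbox, rng)
    t_naive = counters_naive(pairs, gamma, inv)
    t_fft = counters_fft(pairs, gamma, inv)
    return t_naive == t_fft, recover_key(t_fft), k1


if __name__ == "__main__":
    print(demo())
```

The two routines return identical counter vectors, which is the point of the FFT method: the data are touched once to fill cvec, after which the cost depends only on the number of guessed key bits, whereas the brute-force loop scales with the product of the number of KPs and the number of key candidates. Which of the two is faster in practice is exactly the trade-off the abstract says depends on the KP count and the number of guessed key bits.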
References
Aoki, K., Ohta, K., Araki, S., Matsui, M.: Linear Cryptanalysis of FEAL-8 (Experimentation Report). Technical Report ISEC 94-6 (1994-05), IEICE (1994)
Biham, E., Carmeli, Y.: An improvement of linear cryptanalysis with addition operations with applications to FEAL-8X. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, pp. 59–76. Springer, Heidelberg (2014)
Bogdanov, A., Geng, H., Wang, M., Wen, L., Collard, B.: Zero-correlation linear cryptanalysis with FFT and improved attacks on ISO standards Camellia and CLEFIA. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 306–323. Springer, Heidelberg (2014)
Collard, B., Standaert, F.-X., Quisquater, J.-J.: Improving the time complexity of Matsui's linear cryptanalysis. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 77–88. Springer, Heidelberg (2007)
Hermelin, M., Nyberg, K.: Dependent linear approximations: the algorithm of Biryukov and others revisited. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 318–333. Springer, Heidelberg (2010)
Kaliski Jr., B.S., Robshaw, M.: Linear cryptanalysis using multiple approximations. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 26–39. Springer, Heidelberg (1994)
Kaliski Jr., B.S., Robshaw, M.J.B.: Linear cryptanalysis using multiple approximations and FEAL. In: Preneel, B. (ed.) Fast Software Encryption. LNCS, vol. 1008, pp. 249–264. Springer, Heidelberg (1995)
Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)
Matsui, M.: The first experimental cryptanalysis of the data encryption standard. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 1–11. Springer, Heidelberg (1994)
Matsui, M.: Celebrating the 25th year of FEAL - A New Prize Problem - (2012), CRYPTO 2012 Rump Session (2012). http://crypto.2012.rump.cr.yp.to/19997d5a295baee62c05ba73534745ef.pdf
Matsui, M., Yamagishi, A.: A new method for known plaintext attack of FEAL cipher. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 81–91. Springer, Heidelberg (1993)
Miyaguchi, S.: The FEAL cipher family. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 627–637. Springer, Heidelberg (1991)
Nguyen, P.H., Wei, L., Wang, H., Ling, S.: On multidimensional linear cryptanalysis. In: Steinfeld, R., Hawkes, P. (eds.) ACISP 2010. LNCS, vol. 6168, pp. 37–52. Springer, Heidelberg (2010)
Nguyen, P.H., Wu, H., Wang, H.: Improving the algorithm 2 in multidimensional linear cryptanalysis. In: Parampalli, U., Hawkes, P. (eds.) ACISP 2011. LNCS, vol. 6812, pp. 61–74. Springer, Heidelberg (2011)
Todo, Y., Aoki, K.: FFT key recovery for integral attack. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds.) Cryptology and Network Security. LNCS, vol. 8813, pp. 64–81. Springer, Heidelberg (2014)
A Six-Round Linear Approximations
We use eight six-round linear approximations to attack FEAL-8X (see Fig. 6). Let \(\Gamma X_i\) and \(\Gamma Y_i\) \((i = 1, 2, \dots, 6)\) be the input mask and the output mask of the \(i\)th round, respectively. In every one of the eight approximations shown in Fig. 6, \(\Gamma X_3 = \Gamma Y_3 = \mathtt{0x00000000}\), \(\Gamma Y_2 = \Gamma Y_4\), \(\Gamma Y_1 = \Gamma Y_5\), \(\Gamma X_2 = \Gamma X_4\), and \(\Gamma X_1 = \Gamma X_5\) hold. These approximations were found by Aoki et al. [1]. Every approximation has the same effective key bits: the 14 bits \(\mathtt{0x007F7F00}\) of \(mK_1\), the XOR of the 2 bits \(\mathtt{0x00808000}\) of \(mK_1\) (the two bits enter the approximation only through their XOR, so they are guessed as a single bit), and the 22 bits \(\mathtt{0x03FFFF0F}\) of \(mK_8\).
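To see how these masks turn two 32-bit subkeys into the index of a key-counter table, the following Python is an added example for this page, not code from the paper. It gathers the masked bits of \(mK_1\) and \(mK_8\) into a contiguous integer, folds the two \(\mathtt{0x00808000}\) bits into their XOR, and checks the bit counts the text states. The packing order of the three fields is an assumption of the example; the paper does not specify it.

```python
MK1_DIRECT = 0x007F7F00   # 14 bits of mK_1 guessed individually (from the text)
MK1_XOR    = 0x00808000   # 2 bits of mK_1 that enter only through their XOR
MK8_DIRECT = 0x03FFFF0F   # 22 bits of mK_8 (from the text)


def popcount(x):
    return bin(x).count("1")


def compress(value, mask):
    """Gather the bits of value selected by mask into a contiguous integer,
    lowest selected bit first (the same operation as the x86 PEXT instruction)."""
    out, pos = 0, 0
    while mask:
        low = mask & -mask          # lowest set bit still in the mask
        if value & low:
            out |= 1 << pos
        pos += 1
        mask ^= low
    return out


def effective_key(mk1, mk8):
    """Index of the 37-bit effective key. Field order (assumed for this example):
    bits 0-13 = masked mK_1, bit 14 = XOR of the two mK_1 bits, bits 15-36 = masked mK_8."""
    a = compress(mk1, MK1_DIRECT)             # 14 bits
    b = popcount(mk1 & MK1_XOR) & 1           # the two bits collapse to one guessed bit
    c = compress(mk8, MK8_DIRECT)             # 22 bits
    return (c << 15) | (b << 14) | a


def effective_key_bits():
    """Number of key bits the attack actually has to guess: 14 + 1 + 22."""
    return popcount(MK1_DIRECT) + 1 + popcount(MK8_DIRECT)


if __name__ == "__main__":
    print(effective_key_bits(), hex(effective_key(0x12345678, 0x9ABCDEF0)))
```

Any two subkey pairs that agree on the masked bits and on the XOR of the two \(\mathtt{0x00808000}\) bits map to the same index, so the counter table has \(2^{37}\) entries rather than \(2^{38}\); that one saved bit is why the text lists the XORed value separately instead of counting the two bits individually.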
© 2015 Springer International Publishing Switzerland
Cite this paper
Sakikoyama, S., Todo, Y., Aoki, K., Morii, M. (2015). How Much Can Complexity of Linear Cryptanalysis Be Reduced? In: Lee, J., Kim, J. (eds.) Information Security and Cryptology - ICISC 2014. Lecture Notes in Computer Science, vol. 8949. Springer, Cham. https://doi.org/10.1007/978-3-319-15943-0_8
DOI: https://doi.org/10.1007/978-3-319-15943-0_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-15942-3
Online ISBN: 978-3-319-15943-0