Abstract
Linear cryptanalysis is a well-known attack based on linear approximations, and is said to be feasible for an n-bit block cipher if the data complexity is at most $2^n$. In this paper we consider IDEA with independent and uniformly distributed subkeys, referred to as IDEA with extended subkeys. We prove that any linear approximation of IDEA with extended subkeys, generalized to R rounds, requires at least R+[R/3] approximations to the multiply operation. We argue that the best approximations are based on approximating least significant bits in the round operations and show that the probability of selecting a key for which such a linear cryptanalysis is feasible on IDEA is approximately $2^{-100}$.
The work reported in this paper has been funded in part by the Cooperative Research Centres program through the Department of the Prime Minister and Cabinet of Australia.
Copyright information
© 1996 Springer-Verlag
About this paper
Cite this paper
Hawkes, P., O'Connor, L. (1996). On applying linear cryptanalysis to IDEA. In: Kim, K., Matsumoto, T. (eds) Advances in Cryptology — ASIACRYPT '96. ASIACRYPT 1996. Lecture Notes in Computer Science, vol 1163. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0034839
DOI: https://doi.org/10.1007/BFb0034839
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61872-0
Online ISBN: 978-3-540-70707-3
eBook Packages: Springer Book Archive