On applying linear cryptanalysis to IDEA

Hawkes, Philip; O'Connor, Luke

doi:10.1007/BFb0034839

Philip Hawkes¹ &
Luke O'Connor²

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1163))

Included in the following conference series:

International Conference on the Theory and Application of Cryptology and Information Security

249 Accesses
13 Citations

Abstract

Linear cryptanalysis is a well-known attack based on linear approximations, and is said to be feasible for an n-bit block cipher if the data complexity is at most 2ⁿ. In this paper we consider IDEA with independent and uniformly distributed subkeys, referred to as IDEA with extended subkeys. We prove that any linear approximation of IDEA with extended subkeys, generalized to R rounds, requires at least R+[R/3] approximations to the multiply operation. We argue that the best approximations are based on approximating least significant bits in the round operations and show that the probability of selecting a key for which such a linear cryptanalysis is feasible on IDEA is approximately 2⁻¹⁰⁰.

The work reported in this paper has been funded in part by the Cooperative Research Centres program through the Department of the Prime Minister and Cabinet of Australia.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

J. Daemen, R. Govaerts, and J. Vandewalle. Weak keys for IDEA. Advances in Cryptology, CRYPT0'93, Lecture Notes in Computer Science, vol. 773, D. Stinson ed., Springer-Verlag, pages 224–231, 1994.
Google Scholar
C. Harpes and J.L. Kramer, G. G.and Massey. Generalisation of linear cryptanalysis and the applicability of Matsui's piling-up lemma. Advances in Cryptology, EUROCRYPT'95, Lecture Notes in Computer Science, vol. 921, L. C. Guillou, J. Quiquater ed., Springer-Verlag, pages 24–38, 1995.
Google Scholar
B. S. Kaliski Jr. and Y. L. Yin. On differential and linear cryptanalysis of the RC5 encryption algorithm. Advances in Cryptology, CRYPTO'95, Lecture Notes in Computer Science, vol. 963, D. Coppersmith ed., Springer-Verlag, pages 171–184, 1995.
Google Scholar
X. Lai. On the design and security of block ciphers. ETH Series in Information Processing, editor J. Massey, Hartung-Gorre Verlag Konstanz, 1992.
Google Scholar
X. Lai, J. Massey, and S. Murphy. Markov ciphers and differential cryptanalysis. In Advances in Cryptology, EUROCRYPT'91, Lecture Notes in Computer Science, vol. 547, D. W. Davies ed., Springer-Verlag, pages 17–38, 1991.
Google Scholar
M. Matsui. Linear cryptanalysis method for DES cipher. Advances in Cryptology, EUROCRYPT'93, Lecture Notes in Computer Science, vol. 765, T. Helleseth ed., Springer-Verlag, pages 386–397, 1994.
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Mathematics, University of Queensland, Brisbane, Australia
Philip Hawkes
Distributed Systems Technology Centre (DSTC), Brisbane, Australia
Luke O'Connor

Authors

Philip Hawkes
View author publications
You can also search for this author in PubMed Google Scholar
Luke O'Connor
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Kwangjo Kim Tsutomu Matsumoto

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Hawkes, P., O'Connor, L. (1996). On applying linear cryptanalysis to IDEA. In: Kim, K., Matsumoto, T. (eds) Advances in Cryptology — ASIACRYPT '96. ASIACRYPT 1996. Lecture Notes in Computer Science, vol 1163. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0034839

Download citation

DOI: https://doi.org/10.1007/BFb0034839
Published: 26 June 2005
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61872-0
Online ISBN: 978-3-540-70707-3
eBook Packages: Springer Book Archive

Publish with us

Policies and ethics