Skip to main content
SpringerLink
Log in

Improving algorithm 2 in multidimensional (zero-correlation) linear cryptanalysis using \(\chi ^2\)-method

  • Published:
Designs, Codes and Cryptography Aims and scope Submit manuscript

Abstract

The multidimensional linear cryptanalysis and the multidimensional zero-correlation linear cryptanalysis have been widely used in the attacks on block ciphers. In the multidimensional linear cryptanalysis with \(\chi ^2\)-method and the multidimensional zero-correlation linear cryptanalysis, the statistics used to distinguish the right key and wrong keys are calculated from the probability distribution of multidimensional (zero-correlation) linear approximations. In this paper, we show that the statistics can be computed directly from the empirical correlations of multidimensional (zero-correlation) linear approximations for random plaintext set. In this way, the computation cost of the probability distribution can be removed. In the situation where FFT technique can be applied to calculate the correlations, our proposed computing method for the statistics can decrease the time complexity of multidimensional (zero-correlation) linear cryptanalysis. As an illustration, the Feistel network with bijective round functions consisting of the modular additions or XORs with subkeys and CAST-256 have been attacked with our revised multidimensional zero-correlation linear cryptanalysis. Our attacks on such kind of Feistel networks are the best according to the number of rounds and we improved the previous multidimensional zero-correlation attack on CAST-256 from 28 to 29 rounds. Compared with the best attack on 29-round CAST-256 with multiple zero-correlation linear cryptanalysis method, our attack leads to the same complexity but without any assumption of independence. Therefore our attack on CAST-256 is the best attack without any assumption.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Adams C.M.: The CAST-256 Encryption Algorithm. AES Proposal (1998).

  2. Bays A., Huang J., Vaudenay S.: Improved linear cryptanalysis of reduced-round MIBS. In: IWSEC 2014. LNCS, vol. 8639, pp. 204–220. Springer, Heidelberg (2014).

  3. Biryukov A., De Cannière C., Quisquater M.: On multiple linear approximations. In: CRYPTO 2004. LNCS, vol. 3152, pp. 1–22. Springer, Heidelberg (2004).

  4. Bogdanov A., Rijmen V.: Linear hulls with correlation zero and linear cryptanalysis of block ciphers. Des. Codes Cryptogr. 70, 369–383 (2014).

  5. Bogdanov A., Wang M.: Zero-correlation linear cryptanalysis with reduced data complexity. In: FSE 2012. LNCS, vol. 7549, pp. 29–48. Springer, Heidelberg (2012).

  6. Bogdanov A., Leander G., Nyberg K., Wang M.: Integral and multidimensional linear distinguishers with correlation zero. In: ASIACRYPT 2012. LNCS, vol. 7658, pp. 244–261. Springer, Heidelberg (2012).

  7. Bogdanov A., Geng H., Wang M., Wen L., Collard B.: Zero-correlation linear cryptanalysis with FFT and improved attacks on ISO standards Camellia and CLEFIA. In: SAC 2013. LNCS, vol. 8282, pp. 306–323. Springer, Heidelberg (2014).

  8. Collard B., Standaert F.-X., Quisquater J.-J.: Improving the time complexity of Matsui’s linear cryptanalysis. In: ICISC 2007. LNCS, vol. 4817, pp. 77–88. Springer, Heidelberg (2007).

  9. Guo J., Jean J., Nikolic I., Sasaki Y.: Meet-in-the-middle attacks on generic feistel constructions. In: ASIACRYPT 2014, Part I. LNCS, vol. 8873, pp. 458–477. Springer, Heidelberg (2014).

  10. Hermelin M., Nyberg K.: Dependent linear approximations: the algorithm of Biryukov and others revisited. In: CT-RSA 2010. LNCS, vol. 5985, pp. 318–333. Springer, Heidelberg (2010).

  11. Hermelin M., Cho J.Y., Nyberg K.: Multidimensional linear cryptanalysis of reduced round serpent. In: ACISP 2008. LNCS, vol. 5107, pp. 203–215. Springer, Heidelberg (2008).

  12. Hermelin M., Cho J.Y., Nyberg K.: Multidimensional extension of Matsui’s algorithm 2. In: FSE 2009. LNCS, vol. 5665, pp. 209–227. Springer, Heidelberg (2009).

  13. Isobe T., Shibutani K.: All subkeys recovery attack on block ciphers: extending meet-in-the-middle approach. In: SAC 2012. LNCS, vol. 7707, pp. 202–221. Springer, Heidelberg (2013).

  14. Isobe T., Shibutani K.: Generic key recovery attack on feistel scheme. In: ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 464–485. Springer, Heidelberg (2013).

  15. Kaliski B.S., Robshaw M.J.B.: Linear cryptanalysis using multiple approximations. In: CRYPTO 1994. LNCS, vol. 839, pp. 26–39. Springer, Heidelberg (1994).

  16. Knudsen L.R.: The security of feistel ciphers with six rounds or less. J. Cryptol. 15, 207–222 (2002).

  17. Luby M., Rackoff C.: How to construct pseudorandom permutations and pseudorandom functions. SIAM J. Comput. 17, 373–386 (1988).

  18. Matsui M.: Linear cryptanalysis method for DES cipher. In: Eurocrypt 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1993).

  19. Matsui M.: The first experimental cryptanalysis of the data encryption standard. In: CRYPTO 1994. LNCS, vol. 839, pp. 1–11. Springer, Heidelberg (1994).

  20. Nakahara J., Rasmussen M.: Linear analysis of reduced-round CAST-128 and CAST-256. SBSEG 2007, 45–55 (2007).

  21. National Soviet Bureau of Standards: Information Processing System—Cryptographic Protection—Cryptographic Algorithm GOST. pp. 28147–28189 (1989).

  22. Nguyen P.H., Wu H., Wang H.: Improving the algorithm 2 in multidimensional linear cryptanalysis. In: ACISP 2011. LNCS, vol. 6812, pp. 61–74. Springer, Heidelberg (2011).

  23. Schneier B., Kelsey J., Whiting D., Wagner D., Hall C.: Twofish: a 128-bit block cipher. http://www.schneier.com/paper-twofish-paper.

  24. Seki H., Kaneko T.: Differential cryptanalysis of CAST-256 reduced to nine quad-rounds. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E84-A(4), 913–918 (2001).

  25. Todo Y.: Upper bounds for the security of several feistel networks. In: ACISP. LNCS, vol. 7959, pp. 302–317. Springer, Heidelberg (2013).

  26. Wagner D.: The boomerang attack. In: FSE 1999. LNCS, vol. 1636, pp. 156–170. Springer, Heidelberg (1999).

  27. Wang M., Wang X., Hu C.: New linear cryptanalytic results of reduced-round of CAST-128 and CAST-256. In: SAC 2008. LNCS, vol. 5381, pp. 429–441. Springer, Heidelberg (2009).

  28. Wen L., Wang M., Bogdanov A., Chen H.: General application of FFT in cryptanalysis and improved attack on CAST-256. In: INDOCRYPT 2014. LNCS, vol. 8885, pp. 161–176. Springer, Heidelberg (2014).

Download references

Acknowledgments

This work has been supported by 973 Program (No. 2013CB834205), NSFC Projects (No. 61133013, No. 61103237), Program for New Century Excellent Talents in University of China (NCET-13-0350).

Author information

Authors and Affiliations

  1. Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, 250100, China

    Huaifeng Chen, Tingting Cui & Meiqin Wang

  2. State Key Laboratory of Cryptology, P.O. Box 5159, Beijing, 100878, China

    Meiqin Wang

Authors
  1. Huaifeng Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tingting Cui
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Meiqin Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Meiqin Wang.

Additional information

Communicated by C. Carlet.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Chen, H., Cui, T. & Wang, M. Improving algorithm 2 in multidimensional (zero-correlation) linear cryptanalysis using \(\chi ^2\)-method. Des. Codes Cryptogr. 81, 523–540 (2016). https://doi.org/10.1007/s10623-016-0175-x

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10623-016-0175-x

Keywords

Mathematics Subject Classification

Search

Navigation