
Generalization of Matsui’s Algorithm 1 to linear hull for key-alternating block ciphers

Published in: Designs, Codes and Cryptography

Abstract

We consider linear approximations of an iterated block cipher in the presence of several strong linear approximation trails. While the effect of such trails in Matsui’s Algorithm 2, also called the linear hull effect, has been previously studied by a number of authors, their effect on Matsui’s Algorithm 1 has not been investigated until now. The goal of this paper is to fill this gap and examine how to generalize Matsui’s Algorithm 1 so that it also works on linear hulls. We restrict ourselves to key-alternating ciphers and develop a mathematical framework for this kind of attack. The complexity of the attack increases with the number of linear trails that contribute significantly to the correlation. We show how to reduce the number of trails, and thus the complexity, using related keys. Further, we illustrate our theory by experimental results on a reduced-round version of the block cipher PRESENT.


References

  1. Abramowitz M., Stegun I.A.: Handbook of Mathematical Functions With Formulas, Graphs, and Mathematical Tables, 10th edn. Dover, New York (1972)

  2. Baignères T., Vaudenay S.: The complexity of distinguishing distributions. In: Safavi-Naini, R. (ed.) ICITS 2008. LNCS, pp. 210–222. Springer, Heidelberg (2008)

  3. Biham E., Anderson R., Knudsen L.: Serpent: A new block cipher proposal. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 222–238. Springer, Heidelberg (1998)

  4. Biryukov A., De Cannière C., Quisquater M.: On multiple linear approximations. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 1–22. Springer, Heidelberg (2004)

  5. Bogdanov A., Wang M.: Zero correlation linear cryptanalysis with reduced data complexity. In: Canteaut, A. (ed.) FSE 2012. LNCS. Springer, to appear (2012)

  6. Bogdanov A., Knudsen L.R., Leander G., Paar C., Poschmann A., Robshaw M.J.B., Seurin Y., Vikkelsoe C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)

  7. Collard B., Standaert F.X.: Experimenting linear cryptanalysis. In: Junod, P., Canteaut, A. (eds.) Advanced Linear Cryptanalysis of Block and Stream Ciphers. IOS Press (2011). http://perso.uclouvain.be/fstandae/PUBLIS/90.pdf

  8. Cover T.M., Thomas J.A.: Elements of Information Theory. Wiley-Interscience, New York (1991)

  9. Daemen J., Rijmen V.: The wide trail design strategy. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 222–238. Springer, Heidelberg (2001)

  10. Daemen J., Rijmen V.: The Design of Rijndael: AES—The Advanced Encryption Standard. Springer, Heidelberg (2002)

  11. Daemen J., Govaerts R., Vandewalle J.: Correlation matrices. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 275–285. Springer, Heidelberg (1995)

  12. Hermelin M., Nyberg K.: Dependent linear approximations—the algorithm of Biryukov and others revisited. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 318–333. Springer, Heidelberg (2010)

  13. Leander G.: On linear hulls, statistical saturation attacks, PRESENT and a cryptanalysis of PUFFIN. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 303–322. Springer, Heidelberg (2011)

  14. Levy B.C.: Principles of Signal Detection and Parameter Estimation. Springer, Heidelberg (2008)

  15. Matsui M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)

  16. Murphy S.: The effectiveness of the linear hull effect. Report RHUL-MA-2009-19. Departmental Technical Report (2009)

  17. Nyberg K.: Linear approximation of block ciphers. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 439–444. Springer, Heidelberg (1995)

  18. Nyberg K.: Linear cryptanalysis using multiple linear approximations. Early Symmetric Crypto (ESC 2010) seminar, Remich, Luxembourg, 11–15 January 2010 (2011). https://cryptolux.org/mediawiki.esc/images/5/52/Esc_nyberg.pdf

  19. Nyberg K., Hakala R.: A key-recovery attack on SOBER-128. In: Biham, E., Handschuh, H., Lucks, S., Rijmen, V. (eds.) Symmetric Cryptography, No. 07021 in Dagstuhl Seminar Proceedings. Internationales Begegnungs- und Forschungszentrum für Informatik (IBFI), Schloss Dagstuhl, Germany (2007). http://drops.dagstuhl.de/opus/volltexte/2007/1018

  20. Shannon C.E., Weaver W.: The Mathematical Theory of Communication. University of Illinois Press, Urbana (1949)

Corresponding author: Andrea Röck.

This is one of several papers published in Designs, Codes and Cryptography comprising the “Special Issue on Coding and Cryptography”.

Cite this article

Röck, A., Nyberg, K. Generalization of Matsui’s Algorithm 1 to linear hull for key-alternating block ciphers. Des. Codes Cryptogr. 66, 175–193 (2013). https://doi.org/10.1007/s10623-012-9679-1
