Conditional Linear Cryptanalysis - Cryptanalysis of DES with Less Than 242 Complexity

In this paper we introduce a new extension of linear cryptanalysis that may reduce the complexity of attacks by conditioning linear approximations on other linear approximations. We show that the bias of some linear approximations may increase under such conditions, so that after discarding the known plaintexts that do not satisfy the conditions, the bias of the remaining known plaintexts increases. We show that this extension can lead to improvements of attacks, which may require fewer known plaintexts and time of analysis. We present several types of such conditions, including one that is especially useful for the analysis of Feistel ciphers. We exemplify the usage of such conditions for attacks by a careful application of our extension to Matsui’s attack on the full 16-round DES, which succeeds to reduce the complexity of the best attack on DES to less than 242. We programmed a test implementation of our attack and verified our claimed results with a large number of runs. We also introduce a new type of approximations, to which we call scattered approximations, and discuss its applications.

[1]  Jean-Jacques Quisquater,et al.  Improving the Time Complexity of Matsui's Linear Cryptanalysis , 2007, ICISC.

[2]  Adi Shamir,et al.  On the Security of DES , 1985, CRYPTO.

[3]  Lars R. Knudsen,et al.  DES-X (or DESX) , 2005, Encyclopedia of Cryptography and Security.

[4]  Eli Biham,et al.  An Improvement of Davies' Attack on DES , 1994, EUROCRYPT.

[5]  Eli Biham,et al.  Differential Cryptanalysis of Lucifer , 1993, CRYPTO.

[6]  Eli Biham,et al.  On Matsui's Linear Cryptanalysis , 1994, EUROCRYPT.

[7]  Andrey Bogdanov,et al.  Linear Cryptanalysis of DES with Asymmetries , 2017, IACR Cryptol. ePrint Arch..

[8]  Alex Biryukov,et al.  On Multiple Linear Approximations , 2004, IACR Cryptol. ePrint Arch..

[9]  Mitsuru Matsui,et al.  The First Experimental Cryptanalysis of the Data Encryption Standard , 1994, CRYPTO.

[10]  Pascal Junod On the Complexity of Matsui's Attack , 2001, Selected Areas in Cryptography.

[11]  Ronald L. Rivest,et al.  Introduction to Algorithms, Second Edition , 2001 .

[12]  Mitsuru Matsui,et al.  A New Method for Known Plaintext Attack of FEAL Cipher , 1992, EUROCRYPT.

[13]  Kaisa Nyberg,et al.  Multidimensional Extension of Matsui's Algorithm 2 , 2009, FSE.

[14]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[15]  Shoji Miyaguchi,et al.  Fast Data Encipherment Algorithm FEAL , 1987, EUROCRYPT.

[16]  Toshinobu Kaneko,et al.  Quadratic Relation of S-box and Its Application to the Linear Attack of Full Round DES , 1998, CRYPTO.

[17]  Serge Vaudenay,et al.  An experiment on DES statistical cryptanalysis , 1996, CCS '96.

[18]  Eli Biham,et al.  Differential Cryptanalysis of the Data Encryption Standard , 1993, Springer New York.

[19]  Eli Biham,et al.  An Improvement of Linear Cryptanalysis with Addition Operations with Applications to FEAL-8X , 2014, Selected Areas in Cryptography.