Improving the Algorithm 2 in Multidimensional Linear Cryptanalysis

In FSE'09 Hermelin et al. introduced the Algorithm 2 of multidimensional linear cryptanalysis. If this algorithm is m-dimensional and reveals l bits of the last round key with N plaintext-ciphertext pairs, then its time complexity is O(mN2l). In this paper, we show that by applying the Fast Fourier Transform and Fast Walsh Hadamard Transform to the Algorithm 2 of multidimensional linear cryptanalysis, we can reduce the time complexity of the attack to O(N + λ2m+l), where λ is 3(m + l) or 4m+3l. The resulting attacks are the best known key recovery attacks on 11-round and 12-round Serpent. The data, time, and memory complexity of the previously best known attack on 12-round Serpent are reduced by factor of 27.5, 211.7, and 27.5, respectively. This paper also simulates the experiments of the improved Algorithm 2 in multidimensional linear cryptanalysis on 5-round Serpent.

[1]  Eli Biham,et al.  Linear Cryptanalysis of Reduced Round Serpent , 2001, FSE.

[2]  Kaisa Nyberg,et al.  Multidimensional Extension of Matsui's Algorithm 2 , 2009, FSE.

[3]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[4]  Jean-Jacques Quisquater,et al.  Improving the Time Complexity of Matsui's Linear Cryptanalysis , 2007, ICISC.

[5]  Kil-Hyun Nam,et al.  Information Security and Cryptology - ICISC 2007, 10th International Conference, Seoul, Korea, November 29-30, 2007, Proceedings , 2007, ICISC.

[6]  Josef Pieprzyk Topics in Cryptology - CT-RSA 2010, The Cryptographers' Track at the RSA Conference 2010, San Francisco, CA, USA, March 1-5, 2010. Proceedings , 2010, CT-RSA.

[7]  Tor Helleseth,et al.  Advances in Cryptology — EUROCRYPT ’93 , 2001, Lecture Notes in Computer Science.

[8]  Orr Dunkelman,et al.  A Differential-Linear Attack on 12-Round Serpent , 2008, INDOCRYPT.

[9]  N. S. Barnett,et al.  Private communication , 1969 .

[10]  Alex Biryukov,et al.  On Multiple Linear Approximations , 2004, IACR Cryptol. ePrint Arch..

[11]  Vincent Rijmen,et al.  Progress in Cryptology - INDOCRYPT 2008, 9th International Conference on Cryptology in India, Kharagpur, India, December 14-17, 2008. Proceedings , 2008, INDOCRYPT.

[12]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[13]  Mitsuru Matsui,et al.  The First Experimental Cryptanalysis of the Data Encryption Standard , 1994, CRYPTO.

[14]  Ronald L. Rivest,et al.  Introduction to Algorithms , 1990 .

[15]  Jean-Jacques Quisquater,et al.  Improved and Multiple Linear Cryptanalysis of Reduced Round Serpent , 2007, Inscrypt.

[16]  Matthew J. B. Robshaw,et al.  Linear Cryptanalysis Using Multiple Approximations , 1994, CRYPTO.

[17]  Kaisa Nyberg,et al.  A New Technique for Multidimensional Linear Cryptanalysis with Applications on Reduced Round Serpent , 2008, ICISC.

[18]  Huaxiong Wang,et al.  On Multidimensional Linear Cryptanalysis , 2010, ACISP.

[19]  Kaisa Nyberg,et al.  Multidimensional Linear Cryptanalysis of Reduced Round Serpent , 2008, ACISP.

[20]  Clifford Stein,et al.  Introduction to Algorithms, 2nd edition. , 2001 .

[21]  R. Yarlagadda,et al.  Hadamard matrix analysis and synthesis: with applications to communications and signal/image processing , 1996 .

[22]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[23]  Kaisa Nyberg,et al.  Dependent Linear Approximations: The Algorithm of Biryukov and Others Revisited , 2010, CT-RSA.

[24]  Yvo Desmedt,et al.  Advances in Cryptology — CRYPTO ’94 , 2001, Lecture Notes in Computer Science.

[25]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.