Linear Approximations of Addition Modulo 2^n - 1

Addition modulo 2^31 - 1 is a basic arithmetic operation in the stream cipher ZUC. For evaluating ZUC's resistance against linear cryptanalysis, it is necessary to study properties of linear approximations of the addition modulo 2^31 - 1. In this paper we discuss linear approximations of the addition of k inputs modulo 2^n - 1 for n ≥ 2. As a result, an explicit expression of the correlations of linear approximations of the addition modulo 2^n - 1 is given when k = 2, and an iterative expression when k > 2. For a class of special linear approximations with all masks being equal to 1, we further discuss the limit of their correlations when n goes to infinity. It is shown that when k is even, the limit is equal to zero, and when k is odd, the limit is bounded by a constant depending on k.
