Integral and Multidimensional Linear Distinguishers with Correlation Zero

Zero-correlation cryptanalysis uses linear approximations holding with probability exactly 1/2. In this paper, we reveal fundamental links of zero-correlation distinguishers to integral distinguishers and multidimensional linear distinguishers. We show that an integral implies zero-correlation linear approximations and that a zero-correlation linear distinguisher is actually a special case of multidimensional linear distinguishers. These observations provide new insight into zero-correlation cryptanalysis, which is illustrated by attacking a Skipjack variant and round-reduced CAST-256 without weak key assumptions.
