Related-Key Linear Cryptanalysis

A coding theory framework for related-key linear cryptanalytic attacks on block ciphers is presented. It treats linear cryptanalysis as communication over a low capacity channel, and a related key attack (RKA) as a concatenated code. It is used to show that an RKA, using n related keys generated from k independent ones, can improve the amortized cost - in number of plaintext-ciphertext pairs per key bit determined over that of k single key attacks, of any linear cryptanalysis, if k and n are large enough. The practical implications of this result are demonstrated through the design of an RKA, with k=5 and n=7, predicted to produce a 29% improvement for DES attacks that use an r-1 round approximation

[1]  Eli Biham,et al.  New types of cryptanalytic attacks using related keys , 1994, Journal of Cryptology.

[2]  Carlo Harpes,et al.  A Generalization of Linear Cryptanalysis and the Applicability of Matsui's Piling-Up Lemma , 1995, EUROCRYPT.

[3]  David A. Wagner Towards a Unifying View of Block Cipher Cryptanalysis , 2004, FSE.

[4]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[5]  Bruce Schneier,et al.  Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA , 1997, ICICS.

[6]  Sang Joon Kim,et al.  A Mathematical Theory of Communication , 2006 .

[7]  Mihir Bellare,et al.  A Theoretical Treatment of Related-Key Attacks: RKA-PRPs, RKA-PRFs, and Applications , 2003, EUROCRYPT.

[8]  Bruce Schneier,et al.  Related-Key Cryptanalysis of 3-WAY , 1997 .

[9]  Eric Filiol,et al.  Plaintext-dependant Repetition Codes Cryptanalysis of Block Ciphers - The AES Case , 2003, IACR Cryptol. ePrint Arch..

[10]  Serge Vaudenay,et al.  An experiment on DES statistical cryptanalysis , 1996, CCS '96.

[11]  Howard M. Heys,et al.  A TUTORIAL ON LINEAR AND DIFFERENTIAL CRYPTANALYSIS , 2002, Cryptologia.

[12]  Bruce Schneier,et al.  Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES , 1996, CRYPTO.

[13]  M HeysHoward A tutorial on linear and differential cryptanalysis , 2002 .

[14]  Sean Murphy,et al.  Likelihood Estimation for Block Cipher Keys , 2006 .

[15]  Serge Vaudenay,et al.  Decorrelation: A Theory for Block Cipher Security , 2003, Journal of Cryptology.