论文信息 - Key-Dependent Approximations in Crypt-analysis

Key-Dependent Approximations in Crypt-analysis

Linear cryptanalysis is a powerful cryptanalytic technique that makes use of a linear approximation over some rounds of a cipher, combined with one (or two) round(s) of key guess. This key guess is usually performed by a partial decryption over every possible key. In this paper, we investigate a particular class of non-linear boolean functions that allows to mount key-dependent approximations of s-boxes. Replacing the classical key guess by these key-dependent approximations allows to quickly distinguish a set of keys including the correct one. By combining different relations, we can make up a system of equations whose solution is the correct key. The resulting attack allows larger flexibility and improves the success rate in some contexts. We apply it to the block cipher Q. In parallel, we propose a chosen-plaintext attack against Q that reduces the required number of plaintext-ciphertext pairs from 2 to 2.

[1] Matthew J. B. Robshaw,et al. Non-Linear Approximations in Linear Cryptanalysis , 1996, EUROCRYPT.

[2] Eli Biham,et al. Serpent: A Flexible Block Cipher With Maximum Assurance , 1998 .

[3] Lars R. Knudsen,et al. DES-X (or DESX) , 2005, Encyclopedia of Cryptography and Security.

[4] Alex Biryukov,et al. Block Ciphers and Systems of Quadratic Equations , 2003, FSE.

[5] Henk Meijer,et al. High Probability Linear Hulls in Q , 2004 .

[6] Mitsuru Matsui,et al. Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[7] Henk Meijer,et al. New Method for Upper Bounding the Maximum Average Linear Hull Probability for SPNs , 2001, EUROCRYPT.

[8] Kaisa Nyberg,et al. Linear Approximation of Block Ciphers , 1994, EUROCRYPT.

[9] Matthew G. Parker,et al. Generalised S-Box Nonlinearity , 2003 .

[10] Matthew J. B. Robshaw,et al. Linear Cryptanalysis Using Multiple Approximations , 1994, CRYPTO.