How Far Can We Go Beyond Linear Cryptanalysis?

Several generalizations of linear cryptanalysis have been proposed in the past, as well as very similar attacks from a statistical point of view. In this paper, we define a rigorous general statistical framework which allows us to interpret most of these attacks in a simple and unified way. Then, we explicitly construct optimal distinguishers, we evaluate their performance, and we prove that a block cipher immune to classical linear cryptanalysis possesses some resistance to a wide class of generalized versions, but not all. Finally, we derive tools which are necessary to set up more elaborate extensions of linear cryptanalysis, and to generalize the notions of bias, characteristic, and piling-up lemma.
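As an added illustration of the baseline notions the abstract builds on (linear bias, the piling-up lemma, and the likelihood-ratio distinguisher that is optimal for a fixed sample size), the following Python code is not part of the paper; the 4-bit S-box is a constructed sample, and the masks, functions and the 1/eps^2 rule of thumb are the example's own assumptions.

```python
import math
from fractions import Fraction

# Constructed 4-bit S-box used only for this illustration (not from the paper).
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def parity(x: int) -> int:
    """Parity (XOR of all bits) of an integer."""
    return bin(x).count("1") & 1


def approx_parities(sbox, in_mask, out_mask):
    """Bit <a,x> XOR <b,S(x)> for every input x; 0 means the approximation holds."""
    return [parity(x & in_mask) ^ parity(sbox[x] & out_mask) for x in range(len(sbox))]


def bias(sbox, in_mask, out_mask):
    """Linear bias eps = Pr[<a,x> = <b,S(x)>] - 1/2, computed exactly over all inputs."""
    bits = approx_parities(sbox, in_mask, out_mask)
    return Fraction(bits.count(0), len(bits)) - Fraction(1, 2)


def lat(sbox):
    """Linear approximation table: lat[a][b] is the bias for input mask a, output mask b."""
    n = len(sbox)
    return [[bias(sbox, a, b) for b in range(n)] for a in range(n)]


def piling_up(biases):
    """Matsui's piling-up lemma: XORing k independent approximations with biases
    e_1..e_k gives an approximation of bias 2^(k-1) * e_1 * ... * e_k."""
    eps = Fraction(2) ** (len(biases) - 1)
    for e in biases:
        eps *= e
    return eps


def samples_needed(eps):
    """Rule of thumb: about 1/eps^2 known plaintexts make the linear distinguisher usable."""
    return int(1 / (Fraction(eps) ** 2))


def llr_accepts_biased(parities, eps):
    """Likelihood-ratio (Neyman-Pearson) distinguisher between the biased source,
    Pr[bit = 0] = 1/2 + eps, and a uniform source. True means 'biased' wins."""
    p0 = 0.5 + float(eps)
    llr = sum(math.log((p0 if b == 0 else 1.0 - p0) / 0.5) for b in parities)
    return llr > 0
```

Running `bias(SBOX, 0x6, 0xB)` gives 1/4 and `bias(SBOX, 0x3, 0x9)` gives -3/8; piling them up yields -3/16, so roughly 28 samples separate the biased source from uniform.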
