Linear Properties in T-Functions
Linear equations have always been powerful tools in cryptanalysis. In this correspondence, we present a general linear equation of minimum weight 3 in F<sub>2</sub> that holds for all state lengths n and all shifts i of sequences generated by the T-function x<sub>i</sub> = (x<sub>i-1</sub><sup>2</sup> OR C) + x<sub>i-1</sub> mod 2<sup>n</sup> proposed by Klimov and Shamir. It is surprising that these linear properties exist, and they indicate that the sequences generated by the T-functions have more structure than claimed by Klimov and Shamir.
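The following Python sketch is an added illustration, not code from the paper. It implements the mapping above and checks a simpler, well-known F<sub>2</sub> relation that any single-cycle T-function satisfies: bit j of x<sub>i</sub> XOR bit j of x<sub>i+2^j</sub> equals 1. This is not the weight-3 equation of the correspondence, which the abstract does not spell out. The function names are this example's own, and it assumes C ≡ 5 or 7 (mod 8), the Klimov-Shamir condition for a single cycle.

```python
# Added illustration; names are hypothetical and not taken from the paper.

def ks_step(x, c, n):
    """One step of the Klimov-Shamir map x -> x + (x^2 OR c) mod 2^n."""
    mask = (1 << n) - 1
    return (x + ((x * x) | c)) & mask


def ks_sequence(x0, c, n, length):
    """Return the first `length` states x_0, x_1, ... starting from x0."""
    out, x = [], x0
    for _ in range(length):
        out.append(x)
        x = ks_step(x, c, n)
    return out


def cycle_length(x0, c, n):
    """Steps until the state returns to x0 (bounded by 2^n + 1)."""
    x, steps = ks_step(x0, c, n), 1
    while x != x0 and steps <= (1 << n):
        x = ks_step(x, c, n)
        steps += 1
    return steps


def complement_relation_holds(x0, c, n):
    """Check bit_j(x_i) XOR bit_j(x_{i+2^j}) == 1 for every bit j
    and every shift i over one full period of 2^n states."""
    period = 1 << n
    seq = ks_sequence(x0, c, n, 2 * period)
    for j in range(n):
        half = 1 << j  # half of the period 2^(j+1) of bit j
        for i in range(period):
            if ((seq[i] ^ seq[i + half]) >> j) & 1 != 1:
                return False
    return True


if __name__ == "__main__":
    for c in (5, 7, 1):  # constructed sample constants; 1 is not single-cycle
        print(c, cycle_length(0, c, 8), complement_relation_holds(0, c, 8))
```

The relation holds because the low j+1 bits of a single-cycle T-function themselves form a cycle of length 2<sup>j+1</sup>, so after 2<sup>j</sup> steps the low j bits repeat while bit j must flip.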