Paper 2004/057

On Multiple Linear Approximations

Alex Biryukov, Christophe De Cannière, and Michael Quisquater

Abstract

In this paper we study the long-standing problem of information extraction from multiple linear approximations. We develop a formal statistical framework for block cipher attacks based on this technique and derive explicit and compact gain formulas for generalized versions of Matsui's Algorithm 1 and Algorithm 2. The theoretical framework allows both approaches to be treated in a unified way, and predicts significantly improved attack complexities compared to current linear attacks using a single approximation. In order to substantiate the theoretical claims, we benchmarked the attacks against reduced-round versions of DES and observed a clear reduction of the data and time complexities, in almost perfect correspondence with the predictions. The complexities are reduced by several orders of magnitude for Algorithm 1, and the significant improvement in the case of Algorithm 2 suggests that this approach may outperform the best currently known attacks on the full DES algorithm.
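The abstract presents the generalized Algorithm 1 as maximum-likelihood decoding over several approximations at once. The simulation below is an added illustration of that principle, not code from the paper and not the paper's gain formulas, and it does not model DES. It assumes a toy target of 4 unknown key-parity bits, a constructed set of approximations with chosen key masks gamma_i and biases eps_i = 0.04, statistically independent approximations, and 400 known plaintext/ciphertext pairs; the observable text parity <P,alpha_i> xor <C,beta_i> is simulated directly as the key parity <K,gamma_i> corrupted by noise, since only the masks and biases matter for the statistics.

```python
import math
import random

# Toy setting (assumption for this example, not DES): the attacker wants 4
# key-parity bits, k in {0..15}, and holds m linear approximations
#     <P,alpha_i> xor <C,beta_i> = <K,gamma_i>
# each holding with probability 1/2 + eps_i.
KEY_BITS = 4

# Constructed approximations as (gamma_i as a 4-bit mask, eps_i).
# BASIS alone already determines every key bit; EXTRA adds redundant
# approximations over the same key bits.
BASIS = [(0b0001, 0.04), (0b0010, 0.04), (0b0100, 0.04), (0b1000, 0.04)]
EXTRA = [(0b0011, 0.04), (0b0110, 0.04), (0b1100, 0.04), (0b1111, 0.04)]


def parity(x: int) -> int:
    """GF(2) parity of an integer's bits."""
    return bin(x).count("1") & 1


def sample_counts(key, approximations, n, rng):
    """Simulate n known plaintext/ciphertext pairs and return, per approximation,
    how often the observable text parity came out 1. The text parity equals the
    key parity <k,gamma_i> with probability 1/2 + eps_i (Algorithm 1 model)."""
    counts = []
    for mask, eps in approximations:
        p_one = 0.5 + eps if parity(key & mask) else 0.5 - eps
        counts.append(sum(1 for _ in range(n) if rng.random() < p_one))
    return counts


def log_likelihood(key, approximations, counts, n):
    """log Pr[observed counts | key], treating the approximations as independent."""
    ll = 0.0
    for (mask, eps), c in zip(approximations, counts):
        p_one = 0.5 + eps if parity(key & mask) else 0.5 - eps
        ll += c * math.log(p_one) + (n - c) * math.log(1.0 - p_one)
    return ll


def ml_recover(approximations, counts, n):
    """Generalized Algorithm 1 as maximum-likelihood decoding: rank every
    key-parity vector by the likelihood of the observed counts, return the best."""
    return max(range(1 << KEY_BITS),
               key=lambda k: log_likelihood(k, approximations, counts, n))


def success_rate(approximations, n, trials=200, seed=2004):
    """Fraction of random keys recovered exactly from n texts (constructed trial)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        key = rng.randrange(1 << KEY_BITS)
        counts = sample_counts(key, approximations, n, rng)
        hits += ml_recover(approximations, counts, n) == key
    return hits / trials


if __name__ == "__main__":
    n = 400
    print("4 approximations (one per key bit):", success_rate(BASIS, n))
    print("8 approximations (same key bits):  ", success_rate(BASIS + EXTRA, n))
```

With the normal approximation, a single approximation of bias eps decides its key parity correctly with probability about Phi(2 eps sqrt(n)), which for eps = 0.04 and n = 400 is roughly 0.95 per bit, so the four-approximation attack recovers all four bits only about 80% of the time. Adding the four redundant approximations turns the 16 candidate keys into an [8,4] code of minimum distance 3, and the maximum-likelihood decoder then succeeds close to 99% of the time on the same 400 texts; equivalently, far fewer texts are needed for the same reliability. The paper's explicit gain formulas quantify this effect in general and are not reproduced here.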

Metadata
Available format(s)
PDF, PS
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
linear cryptanalysis, multiple linear approximations, maximum likelihood decoding
Contact author(s)
christophe decanniere @ esat kuleuven ac be
History
2004-02-23: received
Short URL
https://ia.cr/2004/057
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2004/057,
      author = {Alex Biryukov and Christophe De Cannière and Michael Quisquater},
      title = {On Multiple Linear Approximations},
      howpublished = {Cryptology ePrint Archive, Paper 2004/057},
      year = {2004},
      note = {\url{https://eprint.iacr.org/2004/057}},
      url = {https://eprint.iacr.org/2004/057}
}