#### Filter Results:

- Full text PDF available (10)

#### Publication Year

1999

2011

- This year (0)
- Last 5 years (0)
- Last 10 years (11)

#### Publication Type

#### Co-author

#### Journals and Conferences

#### Key Phrases

Learn More

- Miia Hermelin, Joo Yeon Cho, Kaisa Nyberg
- FSE
- 2009

Matsui’s one-dimensional Alg. 2 can be used for recovering bits of the last round key of a block cipher. In this paper a truly multidimensional extension of Alg. 2 based on established statistical theory is presented. Two possible methods, an optimal method based on the log-likelihood ratio and a χ2-based goodness-of-fit test are compared in theory and by… (More)

- Miia Hermelin, Joo Yeon Cho, Kaisa Nyberg
- ACISP
- 2008

Various authors have previously presented different approaches how to exploit multiple linear approximations to enhance linear cryptanalysis. In this paper we present a new truly multidimensional approach to generalise Matsui’s Algorithm 1. We derive the statistical framework for it and show how to calculate multidimensional probability distributions based… (More)

- Miia Hermelin, Kaisa Nyberg
- CT-RSA
- 2010

Biryukov, et al., showed how it is possible to extend Matsui’s Algorithm 1 to find several bits of information about the secret key of a block cipher. Instead of just one linear approximation, they used several linearly independent approximations that were assumed to be statistically independent. Biryukov, et al., also suggested a heuristic enhancement to… (More)

- Miia Hermelin
- 1999

- Miia Hermelin, Kaisa Nyberg
- ICISC
- 1999

- Joo Yeon Cho, Miia Hermelin, Kaisa Nyberg
- ICISC
- 2008

In this paper, we present a new technique for Matsui’s algorithm 2 using multidimensional linear approximation. We show that the data complexity of the attack can be reduced significantly by our method even when the linear hull effect is present. We apply our method to the key recovery attack on 5-round Serpent and demonstrate that our attack is superior to… (More)

- Miia Hermelin, Joo Yeon Cho, Kaisa Nyberg
- Symmetric Cryptography
- 2009

In one dimension, there is essentially just one binomially distributed statistic, bias or correlation, for testing correctness of a key bit in Matsui’s Algorithm 1. In multiple dimensions, different statistical approaches for finding the correct key candidate are available. The purpose of this work is to investigate the efficiency of such test in theory and… (More)

- K. Nyberg, M. Hermelin
- 2007 IEEE Information Theory Workshop on…
- 2007

In this paper, a multidimensional Walsh transform is used to obtain a characterization of vector-valued bent function in terms of the value distributions of the translates of the function by linear functions.

- Miia Hermelin, Kaisa Nyberg
- Cryptography and Communications
- 2011

Linear cryptanalysis and linear approximation methods in general are among the most important cryptanalysis methods of symmetric ciphers and their components. Recently, these methods have been extended to efficiently exploit multiple linear approximations simultaneously. It is known that high nonlinearity of Boolean functions and S-boxes is a desirable… (More)

- Miia Hermelin, Kaisa Nyberg
- IACR Cryptology ePrint Archive
- 2011

In this article, the theory of multidimensional linear attacks on block ciphers is developed and the basic attack algorithms and their complexity estimates are presented. As an application the multidimensional linear distinguisher derived by Cho for the block cipher PRESENT is discussed in detail.