- Full text PDF available (10)
- This year (0)
- Last 5 years (0)
- Last 10 years (11)
Journals and Conferences
Matsui’s one-dimensional Alg. 2 can be used for recovering bits of the last round key of a block cipher. In this paper a truly multidimensional extension of Alg. 2 based on established statistical theory is presented. Two possible methods, an optimal method based on the log-likelihood ratio and a χ2-based goodness-of-fit test are compared in theory and by… (More)
Various authors have previously presented different approaches how to exploit multiple linear approximations to enhance linear cryptanalysis. In this paper we present a new truly multidimensional approach to generalise Matsui’s Algorithm 1. We derive the statistical framework for it and show how to calculate multidimensional probability distributions based… (More)
Biryukov, et al., showed how it is possible to extend Matsui’s Algorithm 1 to find several bits of information about the secret key of a block cipher. Instead of just one linear approximation, they used several linearly independent approximations that were assumed to be statistically independent. Biryukov, et al., also suggested a heuristic enhancement to… (More)
In this paper, we present a new technique for Matsui’s algorithm 2 using multidimensional linear approximation. We show that the data complexity of the attack can be reduced significantly by our method even when the linear hull effect is present. We apply our method to the key recovery attack on 5-round Serpent and demonstrate that our attack is superior to… (More)
In one dimension, there is essentially just one binomially distributed statistic, bias or correlation, for testing correctness of a key bit in Matsui’s Algorithm 1. In multiple dimensions, different statistical approaches for finding the correct key candidate are available. The purpose of this work is to investigate the efficiency of such test in theory and… (More)
In this paper, a multidimensional Walsh transform is used to obtain a characterization of vector-valued bent function in terms of the value distributions of the translates of the function by linear functions.
Linear cryptanalysis and linear approximation methods in general are among the most important cryptanalysis methods of symmetric ciphers and their components. Recently, these methods have been extended to efficiently exploit multiple linear approximations simultaneously. It is known that high nonlinearity of Boolean functions and S-boxes is a desirable… (More)
In this article, the theory of multidimensional linear attacks on block ciphers is developed and the basic attack algorithms and their complexity estimates are presented. As an application the multidimensional linear distinguisher derived by Cho for the block cipher PRESENT is discussed in detail.