# Zero-Correlation Linear Cryptanalysis of Block Ciphers

@article{Bogdanov2011ZeroCorrelationLC, title={Zero-Correlation Linear Cryptanalysis of Block Ciphers}, author={A. Bogdanov and V. Rijmen}, journal={IACR Cryptol. ePrint Arch.}, year={2011}, volume={2011}, pages={123} }

Linear cryptanalysis, along with differential cryptanalysis, is an important tool to evaluate the security of block ciphers. This work introduces a novel extension of linear cryptanalysis – zero-correlation linear cryptanalysis – a technique applicable to many block cipher constructions. It is based on linear approximations with a correlation value of exactly zero. For a permutation on n bits, an algorithm of complexity 2 is proposed for the exact evaluation of correlation. Non-trivial zero…

#### 44 Citations

Zero Correlation Linear Cryptanalysis with Reduced Data Complexity

- Mathematics, Computer Science
- FSE
- 2012

The findings of this paper demonstrate that the prohibitive data complexity requirements are not inherent in the zero correlation linear cryptanalysis and can be overcome and suggest that zero correlation linear cryptanalysis can actually break more rounds than the best known impossible differential cryptanalysis does for relevant block ciphers.

An Approach of Zero Correlation Linear Cryptanalysis

- 2016

Differential and Linear Cryptanalysis are the two most popular techniques that have been widely used to attack block ciphers to reveal their weaknesses in substitution and permutation networks. Most of the…

Zero-correlation linear cryptanalysis of reduced-round LBlock

- Mathematics, Computer Science
- Des. Codes Cryptogr.
- 2012

The matrix method is adapted to find zero-correlation linear approximations for both variants of the LBlock as well as the block ciphers with analogous structures like TWINE and the attack does not exploit the structure of the key schedule or S-boxes used in the cipher.

Multidimensional zero-correlation linear cryptanalysis of lightweight block cipher Piccolo-128

- Computer Science
- Secur. Commun. Networks
- 2016

The zero-correlation linear approximations over 7-round Piccolo and the security of Piccolo-128 against multidimensional zero-correlation linear cryptanalysis are studied and the first known-plaintexts attacks on round 0-12/round, 15-28/round, and 14-28 of Piccolo-128 are proposed.

Linear Cryptanalysis of DES with Asymmetries

- Mathematics, Computer Science
- IACR Cryptol. ePrint Arch.
- 2017

In a revisit, Junod concluded that when using \(2^{43}\) known plaintexts, this attack has a complexity of \(2^{41}\) DES evaluations, and relies on the standard assumptions of right-key equivalence and wrong-key randomisation.

Differential-Linear Cryptanalysis Revisited

- Computer Science
- FSE
- 2014

An exact expression of the bias of a differential-linear approximation in a closed form is given under the sole assumption that the two parts of the cipher are independent, and it is shown how to approximate the bias efficiently, and perform experiments on it.

Variants of Differential and Linear Cryptanalysis

- Mathematics, Computer Science
- IACR Cryptol. ePrint Arch.
- 2015

The steps to find a distinguisher and the steps to recover the key for all variants of differential and linear attacks developed till today are illustrated.

Experimenting Linear Cryptanalysis

- 2011

Since the publication of linear cryptanalysis in the early 1990s, the precise understanding of the statistical properties involved in such attacks has proven to be a challenging and computationally…

Deep Learning-Based Cryptanalysis of Lightweight Block Ciphers

- Computer Science
- Secur. Commun. Networks
- 2020

The proposed generic cryptanalysis model based on deep learning (DL), where the model tries to find the key of block ciphers from known plaintext-ciphertext pairs, shows the feasibility and indicates that the DL technology can be a useful tool for the cryptanalysis of block ciphers when the keyspace is restricted.

Cryptanalysis of Selected Block Ciphers

- Computer Science
- 2016

A proposed attack named the Invariant Subspace Attack is utilized to break the full block cipher PRINTcipher for a significant fraction of its keys and shows that for weak keys, strongly biased linear approximations exist for any number of rounds.

#### References

SHOWING 1-10 OF 31 REFERENCES

Impossible Differential Cryptanalysis of CLEFIA

- Mathematics, Computer Science
- FSE
- 2008

This paper reports impossible differential cryptanalysis on the 128-bit block cipher CLEFIA that was proposed in 2007, including new 9-round impossible differentials for CLEFIA, and the result of an…

Linear Cryptanalysis Method for DES Cipher

- Computer Science
- EUROCRYPT
- 1993

A new method is introduced for cryptanalysis of DES cipher, which is essentially a known-plaintext attack, that is applicable to an only-ciphertext attack in certain situations.

Decorrelation: A Theory for Block Cipher Security

- Mathematics, Computer Science
- Journal of Cryptology
- 2003

This paper proposes convenient tools in order to study Pseudorandomness in connection with the Shannon Theory, the Carter–Wegman universal hash functions paradigm, and the Luby–Rackoff approach, which enables the construction of new ciphers with security proofs under specific models.

Provable Security for the Skipjack-like Structure against Differential Cryptanalysis and Linear Cryptanalysis

- Mathematics, Computer Science
- ASIACRYPT
- 2000

It is the main result of this paper that the upper bound of r-round (r ≥ 15) differential probabilities are bounded by \(p^4\) if the maximum differential probability of a round function is p, and an impossible differential of this structure does not exist if r ≥ 16.

On the Pseudorandomness of Top-Level Schemes of Block Ciphers

- Computer Science
- ASIACRYPT
- 2000

This work compares the randomness provided by the schemes used by the AES candidates and provides a general paradigm for analyzing the security provided by the interaction between the different levels of the block cipher structure.

Properties of Linear Approximation Tables

- Mathematics, Computer Science
- FSE
- 1994

This paper describes the distribution of the linear approximation tables of the nonlinear mappings used by the cipher, usually the S-boxes, as in the case of DES, and uses the results to construct Feistel ciphers provably resistant to linear cryptanalysis.

Linear Approximation of Block Ciphers

- Computer Science
- EUROCRYPT
- 1994

The results of this paper give the theoretical fundaments on which Matsui's linear cryptanalysis of the DES is based and it is shown how to achieve proven resistance against linear cryptanalysis.

An Improved Impossible Differential Attack on MISTY1

- Computer Science
- ASIACRYPT
- 2008

This paper combines the generic impossible differential attack against 5-round Feistel ciphers with the dedicated Slicing attack to mount an attack on 5-round MISTY1 with all the FL functions with time complexity of \(2^{46.45}\) simple operations, leading to the best known cryptanalytic result on the cipher.

On Matsui's Linear Cryptanalysis

- Computer Science
- EUROCRYPT
- 1994

This paper formalizes this method of cryptanalysis and shows that although in the details level this method is quite different from differential cryptanalysis, in the structural level they are very similar.

Related-Key Impossible Differential Attacks on 8-Round AES-192

- Mathematics, Computer Science
- CT-RSA
- 2006

In this paper we examine the strength of AES against the related-key impossible differential attack, following the work of Jakimoski and Desmedt [12]. We use several additional observations to…