On Multiple Linear Approximations

Biryukov, Alex; Cannière, Christophe De; Quisquater, Michaël

doi:10.1007/978-3-540-28628-8_1

Cited by 108 publications

(175 citation statements)

References 12 publications

Supporting

Mentioning

166

Contrasting

Unclassified

Order By: Relevance

“…Premise of this approach have already been proposed in some papers by independently considering different differentials [4] (different analysis phases for different characterics) or by summing the information coming from the different characterics to perform all in one step. In the context of linear cryptanalysis, the method known as multiple linear cryptanalysis [18,5,13] considers each characteristic independently and proposes to analyze the vectors of information for each key candidate. While the question of characteristics combination have been deeply studied for linear cryptanalysis [18,5,[13][14][15], the lack of a comprehensive study on this topic in the context of differential cryptanalysis motivates the present work.…”

Section: Differential Cryptanalysismentioning

confidence: 99%

“…In the context of linear cryptanalysis, the method known as multiple linear cryptanalysis [18,5,13] considers each characteristic independently and proposes to analyze the vectors of information for each key candidate. While the question of characteristics combination have been deeply studied for linear cryptanalysis [18,5,[13][14][15], the lack of a comprehensive study on this topic in the context of differential cryptanalysis motivates the present work. In the following, and after presenting the required background, we propose a general framework and instantiate it with statistical tools already shown to be useful for linear cryptanalysis.…”

Section: Differential Cryptanalysismentioning

confidence: 99%

“…As shown in the case of linear cryptanalysis, different approaches may be used depending on the context. In 2004, Biryukov et al proposed a multiple linear cryptanalysis under the assumption that linear approximations are statistically independent 4 [5]. Later Hermelin et al introduced the multidimensional linear cryptanalysis [14,15].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Multiple Differential Cryptanalysis Using LLR and χ 2 Statistics

Blondeau

Gérard

Nyberg

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Recent block ciphers have been designed to be resistant against differential cryptanalysis. Nevertheless it has been shown that such resistance claims may not be as accurate as wished due to recent advances in this field. One of the main improvements to differential cryptanalysis is the use of many differentials to reduce the data complexity. In this paper we propose a general model for understanding multiple differential cryptanalysis and propose new attacks based on tools used in multidimensional linear cryptanalysis (namely LLR and χ 2 statistical tests). Practical cases to evaluate different approaches for selecting and combining differentials are considered on a reduced version of the cipher PRESENT. We also consider the accuracy of the theoretical estimates corresponding to these attacks.

show abstract

Section: Differential Cryptanalysismentioning

confidence: 99%

Section: Differential Cryptanalysismentioning

confidence: 99%

See 1 more Smart Citation

Multiple Differential Cryptanalysis Using LLR and χ 2 Statistics

Blondeau

Gérard

Nyberg

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Our findings give significant confidence to assert that Hummingbird-2 is resistant to linear cryptanalysis up to twelve rounds of f . We have also experimented with multiple linear approximations in our analysis [2].…”

Section: Linear and Algebraic Cryptanalysismentioning

confidence: 99%

The Hummingbird-2 Lightweight Authenticated Encryption Algorithm

Engels

Saarinen

Schweitzer

et al. 2012

RFID. Security and Privacy

129

130

View full text Add to dashboard Cite

Abstract. Hummingbird-2 is an encryption algorithm with a 128-bit secret key and a 64-bit initialization vector. Hummingbird-2 optionally produces an authentication tag for each message processed. Like it's predecessor Hummingbird-1, Hummingbird-2 has been targeted for low-end microcontrollers and for hardware implementation in lightweight devices such as RFID tags and wireless sensors. Compared to the previous version of the cipher, and in response to extensive analysis, the internal state has been increased to 128 bits and a flow of entropy from the state to the mixing function has been improved. In this paper we present the Hummingbird-2 algorithm, its design and security arguments, performance analysis on both software and hardware platforms, and timing analysis in relation to the ISO 18000-6C protocol.

show abstract

“…Multiple linear approximations were first proposed in [6,7] and they have been the subject of much recent analysis [3,5]. Here we take m different linear approximations, where we use κ j to denote a single bit of key information, The purpose is to use several approximations to reduce the number of plaintexts when keeping the same probability of sucess.…”

Section: Multiple Linear Approximationsmentioning

confidence: 99%

The Cryptanalysis of Reduced-Round SMS4

Etrog

Robshaw

2009

Selected Areas in Cryptography

View full text Add to dashboard Cite

In this paper we consider the cryptanalysis of the block cipher SMS4. The cipher has received much recent attention due its simplicity and prominence (it is used in wireless networks in China) and a range of differential attacks break up to 21 of the 32 rounds used in SMS4. Here we consider the application of linear cryptanalysis to the cipher and we demonstrate a simple attack on 22 rounds of SMS4. We also consider some advanced linear cryptanalytic techniques which, under the best conditions for the cryptanalyst, might (just) extend to 23 rounds.

show abstract

On Multiple Linear Approximations

Cited by 108 publications

References 12 publications

Multiple Differential Cryptanalysis Using LLR and χ 2 Statistics

Multiple Differential Cryptanalysis Using LLR and χ 2 Statistics

The Hummingbird-2 Lightweight Authenticated Encryption Algorithm

The Cryptanalysis of Reduced-Round SMS4

Contact Info

Product

Resources

About