How Biased Are Linear Biases

Home Page
About
Submit A Journal
Submit A Conference
Submit Paper/Book
- Submit a Preprint
- Submit a Book
Contact

International Journal of Information Security Science
Volume:1 Issue:1
How Biased Are Linear Biases

How Biased Are Linear Biases

Authors : Orhun KARA, Adnan BAYSAL

Pages : 20-31

View : 35 | Download : 7

Publication Date : 2012-04-10

Article Type : Research Paper

Abstract :In this paper we re-visit the Matsui`s linear cryptanalysis. The linear attack on the full round DES was the first attack that has been verified experimentally. Matsui extended one-round linear approximations to a linear mask of plaintext-ciphertext pairs by means of his piling-up lemma. The assumption of the lemma, the independence of the random variables in the round approximations, is hopefully fulfilled for the full round DES. So the experiment was successful. However, there exist some ciphers whose linear approximations may have completely different biases than those calculated by the piling-up lemma. We work out a case study where the biases of the linear approximations cannot be calculated through the lemma. We derive the theoretical infrastructures which lead us to compute the overall bias. We verify the theoretical results by performing some experiments on a toy cipher. For the verification, we mount a linear attack on the cipher and construct two linear approximations having the same plaintext-ciphertext masks. We show that the biases of the approximations are different from what the piling-up lemma asserts.
Keywords : block cipher, linear cryptanalysis, nonlinearity, DES, linear hull, linear approximation

ORIGINAL ARTICLE URL

* There may have been changes in the journal, article,conference, book, preprint etc. informations. Therefore, it would be appropriate to follow the information on the official page of the source. The information here is shared for informational purposes. IAD is not responsible for incorrect or missing information.