Generalized differential-linear cryptanalysis of block cipher

Authors

  • A.N. Alekseychuk

DOI:

https://doi.org/10.30837/rt.2021.1.204.01

Keywords:

symmetric cryptography, block cipher, differential-linear cryptanalysis, generalized autocorrelation table, security proof

Abstract

Differential-linear cryptanalysis of block ciphers was proposed in 1994. It turns out to be more efficient in comparison with (separately) differential and linear cryptanalytic methods, but its scientific substantiation remains the subject of further research. There are several publications devoted to formalization of differential-linear cryptanalysis and clarification of the conditions under which its complexity can be mathematically accurately assessed. However, the problem of the differential-linear cryptanalytic method substantiation remains completely unresolved.

This paper  presents first results obtained by the author in the direction of solving this problem. The class of differential-linear attacks on block ciphers is expanded. Namely, both distinguishing attacks and attacks aimed at recovering one bit of information about a key are considered. In this case, no assumptions are made (as in well-known publications) about the possibility of representing the cipher in the form of some two components. Lower bounds of information complexity of these attacks are obtained. The expressions of these bounds depend on the averaged (by keys) values of the elements’ squares of the generalized autocorrelation table of the encryption transformation. In contrast to the known ones, the obtained bounds are not based on any heuristic assumptions about the investigated block ciphers and are valid for a wider class of attacks as compared to the traditional differential-linear attack. Relations between, respectively, differential, linear and differential-linear properties of bijective Boolean mappings are given. In contrast to the well-known works, the matrix form of the relations is used that makes it possible to clarify better their essence and simplify the proofs. A new relation is derived for the elements of the generalized autocorrelation table of the encryption transformation of the product of two block ciphers, which may be useful in further research.

References

Langford S., Hellman M. Differential-linear cryptanalysis // Advanced in Cryptology – Crypto 1994, LNCS. Vol. 839. 1994. P. 17 – 25.

Biham E., Dunkelman O., Keller N. Enhancing differential-linear cryptanalysis // Advanced in Cryptology – ASIACRYPT 2002, LNCS. Vol. 2401. 2002. P. 254 – 266.

Lu J. A methodology for differential-linear cryptanalysis and its applications // Designs, Codes and Cryptography. 2015. Vol. 77. № 1. P. 11 – 48.

Blondeau C., Leander G., Nyberg K. Differential-linear cryptanalysis revisited // J. Cryptology. 2017. Vol. 30. № 3. P. 859 – 888.

Bar-On A., Dunkelman O., Keller N., Weizman A. DLCT: a new tool for differential-linear cryptanalysis // Cryptology ePrint Archive, Report 2019/256. http://eprint.iacr.org/2019/256.

Алексейчук А.Н. Неасимптотические нижние границы информационной сложности статистических атак на симметричные криптосистемы // Кибернетика и системный анализ. 2018. Т. 54. № 1. С. 93 – 104.

Nyberg K. The extended autocorrelation and boomerang tables and links between nonlinearity properties of vectorial Boolean functions // Cryptology ePrint Archive, Report 2019/1381. http://eprint.iacr.org/2019/1381.

Canteuat A., Koelsch L., Li Ch. [et al.] On the differential-linear connectivity table of vectorial Boolean function // CoRR, abs/190807455. 2019.

Lai X., Massey J.L., Murphy S. Markov ciphers and differential cryptanalysis // Advances in Cryptology – EUROCRYPT’91, Proceedings. – Springer Verlag, 1991. P. 17 – 38.

Harpes C., Kramer G.G., Massey J.L. A generalisation of linear cryptoanalysis and the applicability of Matsui’s piling-up lemma // Advances in Cryptology – EUROCRYPT’95, Proceedings. – Springer Verlag, 1995. P. 24 – 38.

Hoeffding W. Probability inequalities for sums of bounded random variables // J. Amer. Statist. Assoc. 1963. Vol. 58. № 301. P. 13 – 30.

Логачев О.А., Сальников А.А., Ященко В.В. Булевы функции в теории кодирования и криптологии. Москва : МЦНМО, 2004. 470 с.

Сачков В.Н. Введение в комбинаторные методы дискретной математики. Москва : Наука, 1982. 384 с.

Daemen J., Govards R., Vandervalle J. Correlation matrices // Fast Software Encryption – FSE’94, LNCS. Vol. 1008. 1994. P. 275 – 285.

Zhang X.-M., Zheng J., Imai H. Relating differential distribution tables to other properties of substitution boxes // Des. Codes Cryptography. 2000. Vol. 19. № 1. P. 45 – 63.

Chabaud F., Vaudenay S. Links between differential and linear cryptanalysis // Advanced in Cryptology – EUROCRYPT’94, LNCS. Vol. 950. 1994. P. 356 – 365.

Published

2021-04-09

How to Cite

Alekseychuk, A. (2021). Generalized differential-linear cryptanalysis of block cipher. Radiotekhnika, 1(204), 5–15. https://doi.org/10.30837/rt.2021.1.204.01

Issue

Section

Articles