Cryptology ePrint Archive: Report 2004/057
On Multiple Linear Approximations
Alex Biryukov and Christophe De Cannière and Michael Quisquater
Abstract: In this paper we study the long-standing problem of information
extraction from multiple linear approximations. We develop a formal
statistical framework for block cipher attacks based on this technique
and derive explicit and compact gain formulas for generalized versions
of Matsui's Algorithm 1 and Algorithm 2. The theoretical framework
allows both approaches to be treated in a unified way, and predicts
significantly improved attack complexities compared to current linear
attacks using a single approximation. In order to substantiate the
theoretical claims, we benchmarked the attacks against reduced-round
versions of DES and observed a clear reduction of the data and time
complexities, in almost perfect correspondence with the predictions.
The complexities are reduced by several orders of magnitude for
Algorithm 1, and the significant improvement in the case of
Algorithm 2 suggests that this approach may outperform the currently
best attacks on the full DES algorithm.
Category / Keywords: secret-key cryptography / linear cryptanalysis, multiple linear approximations, maximum likelihood decoding
Date: received 23 Feb 2004
Contact author: christophe decanniere at esat kuleuven ac be
Version: 20040223:214641