Cryptology ePrint Archive: Report 2010/325

Effect of the Dependent Paths in Linear Hull

Zhenli Dai and Meiqin Wang and Yue Sun

Abstract: Linear Hull is a phenomenon that there are a lot of linear paths with the same data mask but different key masks for a block cipher. In 1994, K. Nyberg presented the effect on the key-recovery attack such as Algorithm 2 with linear hull, in which the required number of the known plaintexts can be decreased compared with that in the attack using an individual linear path. In 2009, S. Murphy proved that K. Nyberg's results can only be used to give a lower bound on the data complexity and will be no use on the real linear cryptanalysis. In fact, the linear hull produces such positive effect in linear cryptanalysis only for some keys instead of the whole key space. So the linear hull can be used to improve the classic linear cryptanalysis for some weak keys. In the same year, K. Ohkuma gave the linear hull analysis on reduced-round PRESENT block cipher, and showed that there are $32\%$ weak keys of PRESENT which make the bias of a given linear hull with multiple paths more than a lower bound. However, K. Ohkuma has not considered the dependency of the multi-path, and his results are based on the assumption that the linear paths are independent. Actually, most of the linear paths are dependent in the linear hull. In this paper, we will analyze the dependency of the linear paths in a linear hull and the real effect of linear hull with the dependent linear paths. Firstly, we give the relation between the bias of a linear hull and its linear paths in linear cryptanalysis. Secondly, we present the formula to compute the rate of weak keys corresponding to the expected bias of the dependent paths. Based on the formula, we show that the dependency of linear paths reduces the number of weak keys corresponding to higher biases of the linear hull compared with that in the independent case. It means that the dependency of linear paths reduces the effect of linear hull. At last, we verify our conclusion by analyzing reduced-round of PRESENT.

Category / Keywords: Linear Hull, Dependency of Linear Paths, Weak Key, PRESENT, Block Cipher

Date: received 2 Jun 2010, last revised 7 Nov 2010

Contact author: mqwang at sdu edu cn

Available formats: PDF | BibTeX Citation

Version: 20101107:211026 (All versions of this report)

Discussion forum: Show discussion | Start new discussion