New Results in the Linear Cryptanalysis of DES

Igor Semaev

Abstract: Two open problems on using Matsui's Algorithm 2 with multiple linear approximations posed earlier by Biryukov, De Canni$\grave{\hbox{e}}$re and M. Quisquater at Crypto'04 are solved in the present paper. That improves the linear cryptanalysis of 16-round DES reported by Matsui at Crypto'94.

