**Distinguishing Error of Nonlinear Invariant Attacks**

*Subhabrata Samajder and Palash Sarkar*

**Abstract: **Linear cryptanalysis considers correlations between linear input and output combiners for block ciphers and stream ciphers.
Daeman and Rijmen (2007) had obtained the distributions of the correlations between linear input and output combiners of
uniform random functions and uniform random permutations. Our first contribution is to generalise these results to obtain the
distributions of the correlations between arbitrary input and output combiners of uniform random functions and uniform random permutations.
Recently, Todo et al. (2018) have proposed nonlinear invariant attacks which consider correlations between nonlinear input
and output combiners for a key-alternating block cipher. In its basic form, a nonlinear invariant attack is a distinguishing attack.
The second and the main contribution of this paper is to obtain precise expressions for the errors of nonlinear invariant attacks in
distinguishing a key-alternating cipher from either a uniform random function or a uniform random permutation.

**Category / Keywords: **secret-key cryptography / correlation, uniform random function, uniform random permutation, block cipher, nonlinear invariant attack, distinguishing attack, error probability

**Date: **received 1 Oct 2018

**Contact author: **palash at isical ac in

**Available format(s): **PDF | BibTeX Citation

**Version: **20181002:041711 (All versions of this report)

**Short URL: **ia.cr/2018/935

[ Cryptology ePrint archive ]