Paper 2024/151

Improving Linear Key Recovery Attacks using Walsh Spectrum Puncturing

Antonio Flórez-Gutiérrez, NTT (Japan)
Yosuke Todo, NTT (Japan)

In some linear key recovery attacks, the function which determines the value of the linear approximation from the plaintext, ciphertext and key is replaced by a similar map in order to improve the time or memory complexity at the cost of a data complexity increase. We propose a general framework for key recovery map substitution, and introduce Walsh spectrum puncturing, which consists of removing carefully-chosen coefficients from the Walsh spectrum of this map. The capabilities of this technique are illustrated by describing improved attacks on reduced-round Serpent (including the first 12-round attack on the 192-bit key variant), GIFT-128 and NOEKEON, as well as the full DES.

Available format(s)
Secret-key cryptography
Publication info
A minor revision of an IACR publication in EUROCRYPT 2024
CryptanalysisLinear cryptanalysisKey recoverySerpentDESGIFTNOEKEON
Contact author(s)
antonio florezgutierrez @ gmail com
todo yosuke @ gmail com
2024-02-02: approved
2024-02-02: received
See all versions
Short URL
Creative Commons Attribution


      author = {Antonio Flórez-Gutiérrez and Yosuke Todo},
      title = {Improving Linear Key Recovery Attacks using Walsh Spectrum Puncturing},
      howpublished = {Cryptology ePrint Archive, Paper 2024/151},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.