Paper 2024/871

New Approaches for Estimating the Bias of Differential-Linear Distinguishers (Full Version)

Ting Peng, Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, School of Cyber Security, University of Chinese Academy of Sciences
Wentao Zhang, Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, School of Cyber Security, University of Chinese Academy of Sciences
Jingsui Weng, Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, School of Cyber Security, University of Chinese Academy of Sciences
Tianyou Ding, Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, School of Cyber Security, University of Chinese Academy of Sciences
Abstract

Differential-linear cryptanalysis was introduced by Langford and Hellman in 1994 and has been extensively studied since then. In 2019, Bar-On et al. presented the Differential-Linear Connectivity Table (DLCT), which connects the differential part and the linear part, thus an attacked cipher is divided to 3 subciphers: the differential part, the DLCT part, and the linear part. In this paper, we firstly present an accurate mathematical formula which establishes a relation between differential-linear and truncated differential cryptanalysis. Using the formula, the bias estimate of a differential-linear distinguisher can be converted to the probability calculations of a series of truncated differentials. Then, we propose a novel and natural concept, the TDT, which can be used to accelerate the calculation of the probabilities of truncated differentials. Based on the formula and the TDT, we propose two novel approaches for estimating the bias of a differential-linear distinguisher. We demonstrate the accuracy and efficiency of our new approaches by applying them to 5 symmetric-key primitives: Ascon, Serpent, KNOT, AES, and CLEFIA. For Ascon and Serpent, we update the best known differential-linear distinguishers. For KNOT AES, and CLEFIA, for the first time we give the theoretical differential-linear biases for different rounds.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in CRYPTO 2024
Keywords
Differential-linear cryptanalysisTruncated cryptanalysis SPN ciphersTDTAsconSerpentKNOTAESCLEFIA
Contact author(s)
pengting @ iie ac cn
zhangwentao @ iie ac cn
wengjingsui @ iie ac cn
dingtianyou @ iie ac cn
History
2024-08-12: revised
2024-06-01: received
See all versions
Short URL
https://ia.cr/2024/871
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/871,
      author = {Ting Peng and Wentao Zhang and Jingsui Weng and Tianyou Ding},
      title = {New Approaches for Estimating the Bias of Differential-Linear Distinguishers (Full Version)},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/871},
      year = {2024},
      url = {https://eprint.iacr.org/2024/871}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.