New Approaches for Estimating the Bias of Differential-Linear Distinguishers (Full Version)

Ting Peng; Wentao Zhang; Jingsui Weng; Tianyou Ding

Paper 2024/871

New Approaches for Estimating the Bias of Differential-Linear Distinguishers (Full Version)

Ting Peng, Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, School of Cyber Security, University of Chinese Academy of Sciences

Wentao Zhang, Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, School of Cyber Security, University of Chinese Academy of Sciences

Jingsui Weng, Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, School of Cyber Security, University of Chinese Academy of Sciences

Tianyou Ding, Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, School of Cyber Security, University of Chinese Academy of Sciences

Abstract

Differential-linear cryptanalysis was introduced by Langford and Hellman in 1994 and has been extensively studied since then. In 2019, Bar-On et al. presented the Differential-Linear Connectivity Table (DLCT), which connects the differential part and the linear part, thus an attacked cipher is divided to 3 subciphers: the differential part, the DLCT part, and the linear part. In this paper, we firstly present an accurate mathematical formula which establishes a relation between differential-linear and truncated differential cryptanalysis. Using the formula, the bias estimate of a differential-linear distinguisher can be converted to the probability calculations of a series of truncated differentials. Then, we propose a novel and natural concept, the TDT, which can be used to accelerate the calculation of the probabilities of truncated differentials. Based on the formula and the TDT, we propose two novel approaches for estimating the bias of a differential-linear distinguisher. We demonstrate the accuracy and efficiency of our new approaches by applying them to 5 symmetric-key primitives: Ascon, Serpent, KNOT, AES, and CLEFIA. For Ascon and Serpent, we update the best known differential-linear distinguishers. For KNOT AES, and CLEFIA, for the first time we give the theoretical differential-linear biases for different rounds.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Preprint.
Keywords: Differential-linear cryptanalysis Truncated cryptanalysis SPN ciphers TDT Ascon Serpent KNOT AES CLEFIA
Contact author(s): pengting @ iie ac cn
zhangwentao @ iie ac cn
wengjingsui @ iie ac cn
dingtianyou @ iie ac cn
History: 2024-06-05: approved; 2024-06-01: received; See all versions
Short URL: https://ia.cr/2024/871
License: CC BY

BibTeX

@misc{cryptoeprint:2024/871,
      author = {Ting Peng and Wentao Zhang and Jingsui Weng and Tianyou Ding},
      title = {New Approaches for Estimating the Bias of Differential-Linear Distinguishers (Full Version)},
      howpublished = {Cryptology ePrint Archive, Paper 2024/871},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/871}},
      url = {https://eprint.iacr.org/2024/871}
}