TY - GEN

T1 - Improving linear cryptanalysis of LOKI91 by probabilistic counting method

AU - Sakurai, Kouichi

AU - Furuya, Souichi

N1 - Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 1997.
Copyright:
Copyright 2020 Elsevier B.V., All rights reserved.

PY - 1997

Y1 - 1997

N2 - We improve linear cryptanalysis by introducing a technique of probabilistic counting into the maximum likelihood stage. In the original linear cryptanalysis based on maximum likelihood method with deterministic counting, the number of effective key and text bits is a multiple of the number of bit involved in the input to some S-box. Then, when larger S-boxes are used, 2R-method and even the 1R-methods can become impractical just because the number of effective text and key bits become excessive. Though 2R-method is practical for attacking DES, existing examples of ciphers where 2R-method is impractical include LOKI91. We overcome this problem by selecting a part of the effective key bits and investigating the probabilistic behavior of the remained effective key bits. The previous attacks discusses deterministic evaluation of the given approximated formula only when all values of the effective text/key bits are known, while we compute the probability that the approximated formula with unknown inputs equals to zero. This extension of linear cryptanalysis make useful for 2R-attack on LOKI91, then improves the performance of previous attacks. Furthermore, we implemented some experiments of attacks on 4-round LOKI91, and confirmed the effectiveness of our method.

AB - We improve linear cryptanalysis by introducing a technique of probabilistic counting into the maximum likelihood stage. In the original linear cryptanalysis based on maximum likelihood method with deterministic counting, the number of effective key and text bits is a multiple of the number of bit involved in the input to some S-box. Then, when larger S-boxes are used, 2R-method and even the 1R-methods can become impractical just because the number of effective text and key bits become excessive. Though 2R-method is practical for attacking DES, existing examples of ciphers where 2R-method is impractical include LOKI91. We overcome this problem by selecting a part of the effective key bits and investigating the probabilistic behavior of the remained effective key bits. The previous attacks discusses deterministic evaluation of the given approximated formula only when all values of the effective text/key bits are known, while we compute the probability that the approximated formula with unknown inputs equals to zero. This extension of linear cryptanalysis make useful for 2R-attack on LOKI91, then improves the performance of previous attacks. Furthermore, we implemented some experiments of attacks on 4-round LOKI91, and confirmed the effectiveness of our method.

UR - http://www.scopus.com/inward/record.url?scp=84943147885&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84943147885&partnerID=8YFLogxK

U2 - 10.1007/bfb0052340

DO - 10.1007/bfb0052340

M3 - Conference contribution

AN - SCOPUS:84943147885

SN - 3540632476

SN - 9783540632474

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 114

EP - 133

BT - Fast Software Encryption - 4th International Workshop, FSE 1997, Proceedings

A2 - Biham, Eli

PB - Springer Verlag

T2 - 4th International Workshop on Fast Software Encryption, FSE 1997

Y2 - 20 January 1997 through 22 January 1997

ER -