### Abstract

We improve linear cryptanalysis by introducing a technique of probabilistic counting into the maximum likelihood stage. In the original linear cryptanalysis based on maximum likelihood method with deterministic counting, the number of effective key and text bits is a multiple of the number of bit involved in the input to some S-box. Then, when larger S-boxes are used, 2R-method and even the 1R-methods can become impractical just because the number of effective text and key bits become excessive. Though 2R-method is practical for attacking DES, existing examples of ciphers where 2R-method is impractical include LOKI91. We overcome this problem by selecting a part of the effective key bits and investigating the probabilistic behavior of the remained effective key bits. The previous attacks discusses deterministic evaluation of the given approximated formula only when all values of the effective text/key bits are known, while we compute the probability that the approximated formula with unknown inputs equals to zero. This extension of linear cryptanalysis make useful for 2R-attack on LOKI91, then improves the performance of previous attacks. Furthermore, we implemented some experiments of attacks on 4-round LOKI91, and confirmed the effectiveness of our method.

Original language | English |
---|---|

Title of host publication | Fast Software Encryption - 4th International Workshop, FSE 1997, Proceedings |

Editors | Eli Biham |

Publisher | Springer Verlag |

Pages | 114-133 |

Number of pages | 20 |

ISBN (Print) | 3540632476, 9783540632474 |

Publication status | Published - Jan 1 1997 |

Event | 4th International Workshop on Fast Software Encryption, FSE 1997 - Haifa, Israel Duration: Jan 20 1997 → Jan 22 1997 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|

Volume | 1267 |

ISSN (Print) | 0302-9743 |

ISSN (Electronic) | 1611-3349 |

### Other

Other | 4th International Workshop on Fast Software Encryption, FSE 1997 |
---|---|

Country | Israel |

City | Haifa |

Period | 1/20/97 → 1/22/97 |

### Fingerprint

### All Science Journal Classification (ASJC) codes

- Theoretical Computer Science
- Computer Science(all)

### Cite this

*Fast Software Encryption - 4th International Workshop, FSE 1997, Proceedings*(pp. 114-133). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 1267). Springer Verlag.

**Improving linear cryptanalysis of LOKI91 by probabilistic counting method.** / Sakurai, Kouichi; Furuya, Souichi.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

*Fast Software Encryption - 4th International Workshop, FSE 1997, Proceedings.*Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 1267, Springer Verlag, pp. 114-133, 4th International Workshop on Fast Software Encryption, FSE 1997, Haifa, Israel, 1/20/97.

}

TY - GEN

T1 - Improving linear cryptanalysis of LOKI91 by probabilistic counting method

AU - Sakurai, Kouichi

AU - Furuya, Souichi

PY - 1997/1/1

Y1 - 1997/1/1

N2 - We improve linear cryptanalysis by introducing a technique of probabilistic counting into the maximum likelihood stage. In the original linear cryptanalysis based on maximum likelihood method with deterministic counting, the number of effective key and text bits is a multiple of the number of bit involved in the input to some S-box. Then, when larger S-boxes are used, 2R-method and even the 1R-methods can become impractical just because the number of effective text and key bits become excessive. Though 2R-method is practical for attacking DES, existing examples of ciphers where 2R-method is impractical include LOKI91. We overcome this problem by selecting a part of the effective key bits and investigating the probabilistic behavior of the remained effective key bits. The previous attacks discusses deterministic evaluation of the given approximated formula only when all values of the effective text/key bits are known, while we compute the probability that the approximated formula with unknown inputs equals to zero. This extension of linear cryptanalysis make useful for 2R-attack on LOKI91, then improves the performance of previous attacks. Furthermore, we implemented some experiments of attacks on 4-round LOKI91, and confirmed the effectiveness of our method.

AB - We improve linear cryptanalysis by introducing a technique of probabilistic counting into the maximum likelihood stage. In the original linear cryptanalysis based on maximum likelihood method with deterministic counting, the number of effective key and text bits is a multiple of the number of bit involved in the input to some S-box. Then, when larger S-boxes are used, 2R-method and even the 1R-methods can become impractical just because the number of effective text and key bits become excessive. Though 2R-method is practical for attacking DES, existing examples of ciphers where 2R-method is impractical include LOKI91. We overcome this problem by selecting a part of the effective key bits and investigating the probabilistic behavior of the remained effective key bits. The previous attacks discusses deterministic evaluation of the given approximated formula only when all values of the effective text/key bits are known, while we compute the probability that the approximated formula with unknown inputs equals to zero. This extension of linear cryptanalysis make useful for 2R-attack on LOKI91, then improves the performance of previous attacks. Furthermore, we implemented some experiments of attacks on 4-round LOKI91, and confirmed the effectiveness of our method.

UR - http://www.scopus.com/inward/record.url?scp=84943147885&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84943147885&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84943147885

SN - 3540632476

SN - 9783540632474

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 114

EP - 133

BT - Fast Software Encryption - 4th International Workshop, FSE 1997, Proceedings

A2 - Biham, Eli

PB - Springer Verlag

ER -