In cryptography, linear cryptanalysis is a general form of cryptanalysis based on finding affine approximations to the action of a cipher. Attacks have been developed for block ciphers and stream ciphers. Linear cryptanalysis is one of the two most widely used attacks on block ciphers; the other being differential cryptanalysis.
The discovery is attributed to Mitsuru Matsui, who first applied the technique to the FEAL cipher (Matsui and Yamagishi, 1992).[1] Subsequently, Matsui published an attack on the Data Encryption Standard (DES), eventually leading to the first experimental cryptanalysis of the cipher reported in the open community (Matsui, 1993; 1994).[2][3] The attack on DES is not generally practical, requiring 247 known plaintexts.[3]
A variety of refinements to the attack have been suggested, including using multiple linear approximations or incorporating non-linear expressions, leading to a generalized partitioning cryptanalysis. Evidence of security against linear cryptanalysis is usually expected of new cipher designs.
^Matsui, M. & Yamagishi, A. "A new method for known plaintext attack of FEAL cipher". Advances in Cryptology – EUROCRYPT 1992.
^Matsui, M. "The first experimental cryptanalysis of the data encryption standard". Advances in Cryptology – CRYPTO 1994.
^ abMatsui, M. "Linear cryptanalysis method for DES cipher" (PDF). Advances in Cryptology – EUROCRYPT 1993. Archived from the original (PDF) on 2007-09-26. Retrieved 2007-02-22.
and 19 Related for: Linear cryptanalysis information
In cryptography, linearcryptanalysis is a general form of cryptanalysis based on finding affine approximations to the action of a cipher. Attacks have...
Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash...
retains. Differential-linearcryptanalysis was proposed by Langford and Hellman in 1994, and combines differential and linearcryptanalysis into a single attack...
sizes. A linearcryptanalysis is a form of cryptanalysis based on finding affine approximations to the action of a cipher. Linearcryptanalysis is one of...
cryptanalysis is a form of cryptanalysis for block ciphers. Developed by Carlo Harpes in 1995, the attack is a generalization of linearcryptanalysis...
susceptible to various forms of cryptanalysis, and has acted as a catalyst in the discovery of differential and linearcryptanalysis. There have been several...
Springer-Verlag, 1994. Lars R. Knudsen, M. J. B. Robshaw, "Non-linear Approximations in LinearCryptanalysis", in Advances in Cryptology – Eurocrypt'96, LNCS 1070...
theory, designed to be provably secure against differential cryptanalysis, linearcryptanalysis, and even certain types of undiscovered cryptanalytic attacks...
Rechberger (2011-08-17). "Biclique Cryptanalysis of the Full AES". Cryptology ePrint Archive. Vincent Rijmen (1997). "Cryptanalysis and Design of Iterated Block...
XOR, modular addition, and bit rotation. It has been shown that linearcryptanalysis can break NUSH with less effort than a brute force attack. Lars Knudsen...
cryptography, mod n cryptanalysis is an attack applicable to block and stream ciphers. It is a form of partitioning cryptanalysis that exploits unevenness...
rounds is susceptible to linearcryptanalysis, and a reduced version of 5 rounds is susceptible to differential cryptanalysis. In 2014, Alex Biryukov and...
www.iacr.org. Biham, E., & Perle, S. (2018). Conditional LinearCryptanalysis – Cryptanalysis of DES with Less Than 242 Complexity. IACR Transactions on...
differential cryptanalysis, and discovered the technique of linearcryptanalysis, published in 1993. Differential and linearcryptanalysis are the two...
sought will have been found. But this may not be enough assurance; a linearcryptanalysis attack against DES requires 243 known plaintexts (with their corresponding...
Springer-Verlag 1999. Wenling Wu, Bao Li, Denguo Feng, Sihan Qing, "Linearcryptanalysis of LOKI97", Journal of Software, vol 11 no 2, pp 202–6, Feb 2000...
immune to that order. The Walsh coefficients play a key role in linearcryptanalysis. The autocorrelation of a Boolean function is a k-ary integer-valued...
a bent function by an affine (linear) function is hard, a useful property in the defence against linearcryptanalysis. In addition, detecting a change...