Differential-linear attack
From Wikipedia, the free encyclopedia
Introduced by Martin Hellman and Susan K. Langford in 1994, the differential-linear attack is a mix of both linear cryptanalysis and differential cryptanalysis.
The differential attack produces a linear approximation of part of the cipher with a probability of 1 (for a few rounds—this probability would be much lower for the whole cipher). Hellman and Langford have shown that this attack could recover 10 key bits of an 8-round DES with only 512 chosen plaintexts and an 80% chance of success. The last bits are then recovered by an exhaustive search over the remaining keys.
The attack has been improved by Eli Biham et al. to use linear approximations with probability less than 1. Besides DES, it has been applied to FEAL, IDEA, Serpent, Camellia, and even the stream cipher Phelix.
[edit] References
- Johan Borst (February 1997). "Differential-Linear Cryptanalysis of IDEA" (PDF/PostScript). Retrieved on 2007-03-08.
- Johan Borst, Lars R. Knudsen, Vincent Rijmen (May 1997). "Two Attacks on Reduced IDEA" (gzipped PostScript). Advances in Cryptology - EUROCRYPT '97: pp.1–13, Konstanz: Springer-Verlag. Retrieved on 2007-03-08.
- Biham, E.; Dunkelman, O.; & Keller, N. (December 2002). "Enhancing Differential-Linear Cryptanalysis" (PDF/gzipped PostScript). Advances in Cryptology, proceeding of ASIACRYPT 2002, Lecture Notes in Computer Science 2501: pp.254–266, Queenstown, New Zealand: Springer-Verlag. Retrieved on 2006-12-07.
- Biham, Dunkelman, Keller (February 2003). "Differential-Linear Cryptanalysis of Serpent" (PDF/PostScript). 10th International Workshop on Fast Software Encryption (FSE '03): pp.9–21, Lund: Springer-Verlag. Retrieved on 2007-03-08.
- Hongjun Wu, Bart Preneel (December 12, 2006). "Differential-Linear Attacks against the Stream Cipher Phelix" (PDF). 14th International Workshop on Fast Software Encryption (FSE '07), Luxembourg City: Springer-Verlag. Retrieved on 2007-03-08.