Differential-linear attack

From Wikipedia, the free encyclopedia

Introduced by Martin Hellman and Susan K. Langford in 1994, the differential-linear attack is a mix of both linear cryptanalysis and differential cryptanalysis.

The differential attack produces a linear approximation of part of the cipher with a probability of 1 (for a few rounds—this probability would be much lower for the whole cipher). Hellman and Langford have shown that this attack could recover 10 key bits of an 8-round DES with only 512 chosen plaintexts and an 80% chance of success. The last bits are then recovered by an exhaustive search over the remaining keys.

The attack has been improved by Eli Biham et al. to use linear approximations with probability less than 1. Besides DES, it has been applied to FEAL, IDEA, Serpent, Camellia, and even the stream cipher Phelix.

[edit] References

Languages