ISBN (print): 9783642340475
Zero correlation linear cryptanalysis is a novel key recovery technique for block ciphers proposed in [5]. It is based on linear approximations with probability of exactly 1/2 (which corresponds to the zero correlation). Some block ciphers turn out to have multiple linear approximations with correlation zero for each key over a considerable number of rounds. Zero correlation linear cryptanalysis is the counterpart of impossible differential cryptanalysis in the domain of linear cryptanalysis, though having many technical distinctions and sometimes resulting in stronger attacks. In this paper, we propose a statistical technique to significantly reduce the data complexity using the high number of zero correlation linear approximations available. We also identify zero correlation linear approximations for 14 and 15 rounds of TEA and XTEA. Those result in key-recovery attacks for 21-round TEA and 25-round XTEA, while requiring less data than the full code book. In the single secret key setting, these are structural attacks breaking the highest number of rounds for both ciphers. The findings of this paper demonstrate that the prohibitive data complexity requirements are not inherent in zero correlation linear cryptanalysis and can be overcome. Moreover, our results suggest that zero correlation linear cryptanalysis can actually break more rounds than the best known impossible differential cryptanalysis does for relevant block ciphers. This might make a security re-evaluation of some ciphers necessary in view of the new attack.
In lightweight cryptographic primitives, round functions with simple operations XOR, modular addition, and shift (or rotation) are widely used nowadays. Among these ciphers, TEA and XTEA are two famous lightweight block ciphers. At AFRICACRYPT 2012, Jiazhe Chen, Meiqin Wang, and Bart Preneel proposed a method to establish impossible differential distinguishers for TEA and XTEA. At FSE 2012, with a similar approach, Andrey Bogdanov and Meiqin Wang identified zero correlation linear distinguishers for TEA and XTEA. We find similarities in these two kinds of distinguishers and then probe into the deeper relationship between them. In this paper, we extend TEA and XTEA to more general TEA family-type ciphers and study the impossible differential distinguishers and zero correlation linear distinguishers for this kind of cipher. More specifically, with the methods proposed in these two references, firstly, we prove the longest lengths for impossible differential distinguishers and zero correlation linear distinguishers on TEA family-type ciphers. Secondly, the number of longest impossible differential distinguishers and zero correlation linear distinguishers is calculated respectively. Then, the specific forms of their input and output differences (or linear masks) are given. Thirdly, a dual property is proposed to demonstrate the deeper relationship between these two kinds of distinguishers. Finally, we give some suggestions for algorithm designers on how to shorten these two kinds of distinguishers for TEA family-type ciphers. Copyright (C) 2017 John Wiley & Sons, Ltd.
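The two abstracts above define a zero correlation linear approximation as one that holds with probability exactly 1/2 (correlation 2p - 1 = 0) for every key. The following added example, written for this page and not taken from either paper or from TEA's reference code, makes that definition concrete on a scaled-down TEA-style half-round (L, R) -> (R, L + F(R)) with 8-bit words instead of 32, so that all 2^16 inputs can be enumerated and the correlation is computed exactly rather than sampled. The word width, the mask choices and the key set are assumptions of the example; the round function F = ((R<<4)+k0) ^ (R+s) ^ ((R>>5)+k1) is TEA's, reduced to 8-bit arithmetic.

```python
"""Added example (not from the papers above): exact linear correlations
of a scaled-down TEA-style half-round, showing an approximation whose
correlation is zero for every key next to one whose sign depends on the key."""

W = 8                    # assumed word width; TEA uses 32, 8 keeps 2^(2W) inputs enumerable
MASK = (1 << W) - 1


def tea_f(R, k0, k1, s):
    """TEA's round function ((R<<4)+k0) ^ (R+s) ^ ((R>>5)+k1), reduced to W-bit words."""
    return ((((R << 4) & MASK) + k0) ^ (R + s) ^ ((R >> 5) + k1)) & MASK


def half_round(L, R, k0, k1, s):
    """One TEA-style half-round written as a Feistel step: (L, R) -> (R, L + F(R))."""
    return R, (L + tea_f(R, k0, k1, s)) & MASK


def parity(x):
    """Parity of a masked value, i.e. the inner product mask . x over GF(2)."""
    return bin(x).count("1") & 1


def correlation(in_mask, out_mask, key, s=0):
    """Exact correlation 2*Pr[a.L ^ b.R ^ c.L' ^ d.R' = 0] - 1 over all 2^(2W) inputs,
    where (a, b) are the input masks, (c, d) the output masks and (L', R') the output."""
    a, b = in_mask
    c, d = out_mask
    k0, k1 = key
    zeros = 0
    for L in range(1 << W):
        for R in range(1 << W):
            L2, R2 = half_round(L, R, k0, k1, s)
            if parity(a & L) ^ parity(b & R) ^ parity(c & L2) ^ parity(d & R2) == 0:
                zeros += 1
    total = 1 << (2 * W)
    return (2 * zeros - total) / total


def demo(keys=((0x00, 0x00), (0x01, 0x00), (0x5A, 0xC3), (0xFF, 0x01))):
    """Evaluate two approximations under several (assumed) keys.

    zc:   a=0x03 on L, d=0x01 on R'. Since lsb(L + F(R)) = lsb(L) ^ lsb(F(R)),
          the approximation reduces to bit1(L) ^ lsb(F(R)); bit1(L) is balanced
          and independent of R, so the correlation is exactly 0 for every key.
    bias: a=0x01, b=0x21, d=0x01. Here lsb(L) cancels and the R-dependent bits
          of lsb(F(R)) (bit0 and bit5) are cancelled by the mask 0x21, leaving the
          constant lsb(k0) ^ lsb(k1) ^ lsb(s): correlation +1 or -1 depending on the key.
    """
    zc = ((0x03, 0x00), (0x00, 0x01))
    bias = ((0x01, 0x21), (0x00, 0x01))
    return {
        "zero_correlation": [correlation(*zc, key) for key in keys],
        "key_dependent": [correlation(*bias, key) for key in keys],
    }


if __name__ == "__main__":
    for name, values in demo().items():
        print(name, values)
```

The zero_correlation list is all zeros whatever key is used, which is the property a zero correlation distinguisher relies on; the key_dependent list flips sign with lsb(k0) ^ lsb(k1), which is the kind of key-dependent behaviour a key-recovery step exploits. The papers chain such single-round arguments through 14 and 15 rounds of the real 32-bit ciphers; this example only shows the one-round building block.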
The advent of large-scale quantum computers would greatly threaten the security of current cryptosystems. It is urgent to investigate how quantum computing will affect the security of symmetric cryptosystems. Since the security of symmetric schemes heavily depends on the development of cryptanalytic tools, studying the applications of quantum algorithms to classical cryptanalytic tools is critical. To this end, we study quantum zero correlation linear cryptanalysis and propose two quantum algorithms for finding zero correlation linear hulls of Feistel ciphers and SPN ciphers, respectively. We prove that, as long as the attacked block ciphers satisfy certain algebraic conditions, the linear approximations output by the proposed algorithms have zero correlation with a probability close to one. The proposed algorithms have polynomial-time quantum complexity and do not require any quantum or classical query to the attacked block ciphers. Compared to classical zero correlation linear cryptanalysis, the quantum version has the advantage of extending the number of rounds of zero correlation linear approximations.