Abstract
Many attacks on encryption schemes rely on statistical considerations, using plaintext/ciphertext pairs to find some information on the key. We provide here simple formulae for estimating the data complexity and the success probability, which can be applied to many different scenarios (differential cryptanalysis, linear cryptanalysis, truncated differential cryptanalysis, etc.). Our work does not rely on the Gaussian approximation, which is not valid in every setting, but instead uses a simple and general approximation of the binomial distribution and asymptotic expansions of the beta distribution.
Cite this article
Blondeau, C., Gérard, B. & Tillich, JP. Accurate estimates of the data complexity and success probability for various cryptanalyses. Des. Codes Cryptogr. 59, 3–34 (2011). https://doi.org/10.1007/s10623-010-9452-2
DOI: https://doi.org/10.1007/s10623-010-9452-2