Enhanced Methods in Computer Security, Biometric and Artificial Intelligence Systems pp 125-134 | Cite as

# On Arithmetic Subtraction Linear Approximation

## Abstract

In the paper two methods of linear approximation of *n*-bit arithmetic subtraction function are considered. In the first method, called the model of approximation of a single S-box, approximations are calculated for arbitrary *m* consecutive bits, where *m* ≤ *n* is limited by the size of so-called table of pairs *TP*, used during calculation. In the second method, called the model of exact composition of approximations, the subtraction approximations are calculated as a composition of *k* approximations of *m*-bit subtraction cells, where *m* ≤ *n* is limited by the size of the same table of pairs *TP*. In the first method, the set of nonzero approximations is limited to approximations in the range of *m* consecutive bits while in the second method is not limited. For *n*-bit arithmetic subtraction function however, the approximation probability can be calculated with use of the methods in time O(l) and O(k), respectively.

## Key words

Cryptanalysis linear approximation arithmetic subtraction function## Preview

Unable to display preview. Download preview PDF.

## References

- [1]Biham E., Shamir A. 1993. ‘Differential Cryptanalysis of the Data Encryption Standard’.
*Springer-Verlag*, New York.Google Scholar - [2]Chmiel K. 1998. ‘Principles of Differential Cryptanalysis through the Example of the
*DES*Algorithm’. (In Polish).*Technical Report No. 461*. Poznań University of Technology, Chair of Control, Robotics and Computer Science, Poznań (Oct.).Google Scholar - [3]Chmiel K. 1999. ‘Principles of Linear Cryptanalysis through the Example of the
*DES*Algorithm’. (In Polish).*Technical Report No. 471*. Poznań University of Technology, Chair of Control, Robotics and Computer Science, Poznań (Oct.).Google Scholar - [4]Chmiel K. 2000. ‘Linear Cryptanalysis of the Reduced
*DES*Algorithms’.*Proceedings of the Regional Conference on Military Communication and Information Systems’ 2000*(Zegrze, Oct. 4–6) WIŁ, Zegrze, vol. 1, pp. 111–118.Google Scholar - [5]Chmiel K. 2000. ‘Differential Cryptanalysis of the Reduced
*DES*Algorithms’. (In Polish).*Studia z Automatyki i Informatyki*, vol. 25, pp. 127–146.Google Scholar - [6]Chmiel K. 2000. ‘Linear Approximation of S-box Functions’. (In Polish).
*Technical Report No. 471*. Poznań University of Technology, Chair of Control, Robotics and Computer Science, Poznań (Oct.).Google Scholar - [7]Chmiel K. 2001. ‘Linear Approximation of some S-box Functions’.
*Proceedings of the Regional Conference on Military Communication and Information Systems 2001*(Zegrze, Oct. 10–12) WIŁ, Zegrze, vol. 1, pp. 211–218.Google Scholar - [8]Chmiel K. 2001. ‘Linear Approximation of Arithmetic Sum’. (In Polish).
*Technical Report No. 481*. Poznań University of Technology, Chair of Control, Robotics and Computer Science, Poznań (Oct.).Google Scholar - [9]Chmiel K. 2002. ‘On Some Models of Arithmetic Sum Function Linear Approximation’.
*Proceedings of NATO Regional Conference on Military Communications and Information Systems 2002*(Zegrze, Oct. 9–11) WIŁ, Zegrze, vol. 2, pp. 199–204.Google Scholar - [10]Chmiel K. 2002. ‘Linear Approximation of Arithmetic Sum Function’.
*Proceedings of the 9-th International Conference on Advanced Computer Systems ACS’ 2002*(Międzyzdroje, Oct. 23–25), Szczecin, vol. 2, pp. 19–28.Google Scholar - [11]Górska A., Górski K., Kotulski Z., Paszkiewicz A., Szczepański J. 2001. ‘New Experimental Results in Differential — Linear Cryptanalysis of Reduced Variants of DES’.
*Proceedings of the 8-th International Conference on Advanced Computer Systems ACS’2001*, Mielno, vol. 1, pp. 333–346.Google Scholar - [12]Matsui M. 1993. ‘Linear Cryptanalysis Method for DES Cipher’.
*Advances in Cryptology Eurocrypt’ 93*.Google Scholar - [13]Matsui M. 1998. ‘Linear Cryptanalysis Method for DES Cipher’.
*Springer-Verlag*, New York.Google Scholar - [14]Zugaj A., Górski K., Kotulski Z., Szczepański J., Paszkiewicz A. 1999. ‘Extending Linear Cryptanalysis-Theory and Experiments’.
*Proceedings of the Regional Conference on Military Communication and Information Systems’ 99*(Zegrze, Oct. 6–8) WIŁ, Zegrze, vol. 2, pp.77–84.Google Scholar