Abstract
In this paper, we consider the statistical decision processes behind linear and differential cryptanalysis. By applying techniques and concepts of statistical hypothesis testing, we describe precisely the shape of optimal linear and differential distinguishers and we improve known results of Vaudenay concerning their asymptotic behaviour. Furthermore, we formalize the concept of “sequential distinguisher” and we illustrate potential applications of such tools in various statistical attacks.
Copyright information
© 2003 International Association for Cryptologic Research
Cite this paper
Junod, P. (2003). On the Optimality of Linear, Differential, and Sequential Distinguishers. In: Biham, E. (eds) Advances in Cryptology — EUROCRYPT 2003. EUROCRYPT 2003. Lecture Notes in Computer Science, vol 2656. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39200-9_2
DOI: https://doi.org/10.1007/3-540-39200-9_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-14039-9
Online ISBN: 978-3-540-39200-2
eBook Packages: Springer Book Archive