The Piling-Up Lemma and Dependent Random Variables
In a linear cryptanalysis attack, the attacker makes several assumptions. One of them is that the threefold sums used in the attack are independent, which allows the Piling-up Lemma to be applied to them. According to this lemma, the imbalance of a sum modulo 2 of independent, binary-valued random variables is equal to the product of their imbalances. It is shown here that in some cases, both quantities can differ considerably for dependent random variables, but that they are almost equal for virtually all binary-valued random variables when the sample space on which these are defined is large enough.
Keywords: Independent Random Variable, Sample Space, Similar Average, Counting Argument, Balance Function
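The three claims of the abstract can be checked numerically. The following is an added example, not code from the paper: it assumes the imbalance of a binary variable X is |2·P[X=0] − 1| on a uniform sample space, and all function names and sample variables are constructed for illustration.

```python
import random
from itertools import product

def imbalance(values):
    """|2*P[X=0] - 1| for a binary variable listed by its value on each
    equally likely sample point (assumed definition and uniform space)."""
    return abs(2 * values.count(0) / len(values) - 1)

def compare(*variables):
    """Return (imbalance of the XOR sum, product of the imbalances)."""
    xor_sum = [sum(bits) % 2 for bits in zip(*variables)]
    prod = 1.0
    for v in variables:
        prod *= imbalance(v)
    return imbalance(xor_sum), prod

def independent_pair():
    # Constructed: X reads only the first coordinate, Y only the second,
    # so they are independent on the 16-point product space.
    space = list(product(range(4), repeat=2))
    x = [1 if a == 0 else 0 for a, _ in space]
    y = [1 if b == 0 else 0 for _, b in space]
    return x, y

def dependent_pair():
    # Constructed: Y = X with X balanced. Both imbalances are 0,
    # yet X xor Y is constantly 0 and has imbalance 1.
    x = [0, 0, 1, 1]
    return x, list(x)

def random_variables(size, count, seed):
    # Arbitrary (not forced independent) variables on a space of `size` points.
    rng = random.Random(seed)
    return [[rng.getrandbits(1) for _ in range(size)] for _ in range(count)]

if __name__ == "__main__":
    print("independent:", compare(*independent_pair()))
    print("dependent:  ", compare(*dependent_pair()))
    for size in (4, 64, 1 << 16):
        s, p = compare(*random_variables(size, 3, seed=1))
        print(f"random, |space|={size}: sum={s:.4f} product={p:.4f}")
```

The independent pair satisfies the lemma exactly, the dependent pair is the extreme mismatch, and the randomly drawn variables show the gap between the two quantities shrinking as the sample space grows.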