
Multidimensional Zero-Correlation Linear Cryptanalysis of E2

  • Conference paper
Progress in Cryptology – AFRICACRYPT 2014 (AFRICACRYPT 2014)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8469)


Abstract

E2 is a block cipher designed by NTT and was a first-round AES candidate. E2’s design principles influenced several more recent block ciphers including Camellia, an ISO/IEC standard cipher. So far the cryptanalytic results for round-reduced E2 have been concentrating around truncated and impossible differentials. At the same time, rather recently at SAC’13, it has been shown how to improve upon the impossible differential cryptanalysis of Camellia with the zero-correlation linear cryptanalysis. Due to some similarities between E2 and Camellia, E2 might also render itself more susceptible to this type of cryptanalysis.

In this paper, we investigate the security of E2 against zero-correlation linear cryptanalysis. We identify zero-correlation linear approximations over 6 rounds of E2. With these linear approximations, we can attack 8-round E2-128 and 9-round E2-256 without IT and FT. The attack on 8-round E2-128 requires $2^{124.1}$ known plaintexts (KPs), $2^{119.3}$ encryptions and $2^{99}$ bytes memory. The attack on 9-round E2-256 requires $2^{124.6}$ KPs, $2^{225.5}$ encryptions and $2^{99}$ bytes memory. In contrast, the previous attacks on 8-round E2-128 had an uncertain time complexity and one could only attack 8-round E2-256. Besides, for the first time, we propose a key recovery attack on reduced-round E2 with both IT and FT taken into consideration. More concretely, when both IT and FT are considered, we can attack 6-round E2-128 with $2^{123.7}$ KPs, $2^{119.1}$ encryptions and $2^{29}$ bytes, and 7-round E2-256 with $2^{124.7}$ KPs, $2^{252.8}$ encryptions and $2^{91}$ bytes.




© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Wen, L., Wang, M., Bogdanov, A. (2014). Multidimensional Zero-Correlation Linear Cryptanalysis of E2. In: Pointcheval, D., Vergnaud, D. (eds) Progress in Cryptology – AFRICACRYPT 2014. AFRICACRYPT 2014. Lecture Notes in Computer Science, vol 8469. Springer, Cham. https://doi.org/10.1007/978-3-319-06734-6_10


  • DOI: https://doi.org/10.1007/978-3-319-06734-6_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-06733-9

  • Online ISBN: 978-3-319-06734-6

  • eBook Packages: Computer Science, Computer Science (R0)
