Advertisement

Estimating Differential-Linear Distinguishers and Applications to CTC2

  • Chun GuoEmail author
  • Hailong Zhang
  • Dongdai Lin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9065)

Abstract

At FSE 2014, Blondeau et al. proposed an exact expression of the bias of differential-linear approximation and a multidimensional generalization of differential-linear distinguisher. In this paper, we study the application of the theory to concrete designs. We first propose a meet-in-the-middle style searching-and-estimating process. Then, we show that the capacity of a multiple differential distinguisher using χ 2 statistical test can be written as the summation of squared correlations of several differential-linear distinguishers. This link provides us with another approach to estimating the theoretical capacity of multiple differential distinguisher.

We apply the above methods to CTC2. CTC2 was designed by Courtois to show the strength of algebraic cryptanalysis on block ciphers. For CTC2 with a 255-bit block size and key, we give a multiple differential attack against 11-round version, which to our knowledge is the best with respect to the number of attacked rounds. Experimental results firmly verify the correctness of the proposed method. The attack itself, and its potential to be further extended, reveals that the resistance of CTC2 against statistical attacks may be much weaker than expected before.

Keywords

block cipher differential-linear cryptanalysis truncated differential multiple differential cryptanalysis CTC2 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Biham, E., Dunkelman, O., Keller, N.: Enhancing differential-linear cryptanalysis. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 254–266. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. 2.
    Biham, E., Shamir, A.: Differential cryptanalysis of des-like cryptosystems. Journal of Cryptology 4(1), 3–72 (1991)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Biham, E., Shamir, A.: Differential cryptanalysis of the full 16-round des. In: Brickell, E.F. (ed.) Advances in Cryptology - CRYPTO 1992. LNCS, vol. 740, pp. 487–496. Springer, Heidelberg (1993)Google Scholar
  4. 4.
    Blondeau, C., Gérard, B., Nyberg, K.: Multiple differential cryptanalysis using LLR and χ 2 statistics. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 343–360. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  5. 5.
    Blondeau, C., Leander, G., Nyberg, K.: Differential-linear cryptanalysis revisited. In: FSE 2012. LNCS. Springer, Heidelberg (2014) (to appear) Google Scholar
  6. 6.
    Blondeau, C., Nyberg, K.: New links between differential and linear cryptanalysis. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 388–404. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  7. 7.
    Blondeau, C., Nyberg, K.: Links between truncated differential and multidimensional linear properties of block ciphers and underlying attack complexities. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 165–182. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  8. 8.
    Chabaud, F., Vaudenay, S.: Links between differential and linear cryptanalysis. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 356–365. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  9. 9.
    Cho, J.Y.: Linear cryptanalysis of reduced-round PRESENT. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 302–317. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Courtois, N.T.: Ctc2 and fast algebraic attacks on block ciphers revisisted. Tech. rep., Cryptology ePrint Archive, Report 2007/152 (2007), http://eprint.iacr.org
  11. 11.
    Dunkelman, O., Keller, N.: Cryptanalysis of CTC2. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 226–239. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. 12.
    Lallemand, V., Naya-Plasencia, M.: Cryptanalysis of klein. In: Fast Software Encryption (2014) (to appear)Google Scholar
  13. 13.
    Langford, S.K., Hellman, M.E.: Differential-linear cryptanalysis. In: Desmedt, Y.G. (ed.) Advances in Cryptology - CRYPTO 1994. LNCS, vol. 839, pp. 17–25. Springer, Heidelberg (1994)Google Scholar
  14. 14.
    Liu, Z., Gu, D., Zhang, J., Li, W.: Differential-multiple linear cryptanalysis. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds.) Inscrypt 2009. LNCS, vol. 6151, pp. 35–49. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  15. 15.
    Lu, J.: A methodology for differential-linear cryptanalysis and its applications. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 69–89. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  16. 16.
    Lu, J.: A methodology for differential-linear cryptanalysis and its applications. In: Designs, Codes and Cryptography pp. 1–38 (2014)Google Scholar
  17. 17.
    Matsui, M.: Linear cryptanalysis method for des cipher. In: Helleseth, T. (ed.) Advances in Cryptology - EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)Google Scholar
  18. 18.
    Matsui, M., Yamagishi, A.: A new method for known plaintext attack of feal cipher. In: Rueppel, R.A. (ed.) Advances in Cryptology - EUROCRYPT 1992. LNCS, vol. 658, pp. 81–91. Springer, Heidelberg (1993)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  2. 2.University of Chinese Academy of SciencesBeijingChina

Personalised recommendations