A unified Markov approach to differential and linear cryptanalysis

  • Luke O'Connor
  • Jovan Dj. Golić
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 917)


Differential and linear cryptanalysis are two attacks on product ciphers that use approximations of the round function F to derive information about the secret key. For the case of differential cryptanalysis, it is well-known that the probability of differentials can be modeled by a Markov chain, and it is known, for example, that the chain for DES converges to the uniform distribution. In this paper, a Markov chain for linear cryptanalysis is introduced as well and it is proved that both chains converge to the uniform distribution for almost all round functions F. This implies that in the independent random subkey model, almost all product ciphers become immune to both differential and linear cryptanalysis after a sufficient number of rounds.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    R. B. Ash. Information Theory. New York: Dover Publications, 1965.Google Scholar
  2. 2.
    E. Biham and A. Shamir. Differential cryptanalysis of DES-like cryptosystems. Journal of Cryptology, 4(1):3–72, 1991.Google Scholar
  3. 3.
    W. Feller. An Introduction to Probability Theory and its Applications. New York: Wiley, 3rd edition, Volume 1, 1968.Google Scholar
  4. 4.
    R. G. Gallager. Low Density Parity Check Codes. MIT Press, Cambridge. Mass., 1963.Google Scholar
  5. 5.
    G. Hornauer, W. Stephan, and R. Wernsdorf. Markov ciphers and alternating groups. Advances in Cryptology, EUROCRYPT 93, Lecture Notes in Computer Science, vol. 765, T. Helleseth ed., Springer-Verlag, pages 453–460, 1994.Google Scholar
  6. 6.
    X. Lai. On the design and security of block ciphers. ETH Series in Information Processing, editor J. Massey, Hartung-Gorre Verlag Konstanz, 1992.Google Scholar
  7. 7.
    X. Lai, J. Massey, and S. Murphy. Markov ciphers and differential analysis. In Advances in Cryptology, EUROCRYPT 91, Lecture Notes in Computer Science, vol. 547, D. W. Davies ed., Springer-Verlag, pages 17–38, 1991.Google Scholar
  8. 8.
    M. Matsui. Linear cryptanalysis of DES cipher (I). (version 1.03) private communication.Google Scholar
  9. 9.
    M. Matsui. Linear cryptanalysis method for DES cipher. Advances in Cryptology, EUROCRYPT 93, Lecture Notes in Computer Science, vol. 765, T. Helleseth ed., Springer-Verlag, pages 386–397, 1994.Google Scholar
  10. 10.
    W. Meier and O. Staffelbach. Nonlinearity criteria for cryptographic functions. Advances in Cryptology, EUROCRYPT 89, Lecture Notes in Computer Science, vol. 434, J.-J. Quisquater, J. Vandewalle eds., Springer-Verlag, pages 549–562, 1990.Google Scholar
  11. 11.
    K. Nyberg and L. R. Knudsen. Provable security against differential cryptanalysis. Advances in Cryptology, CRYPTO 92, Lecture Notes in Computer Science, vol. 740, E. F. Brickell ed., Springer-Verlag, pages 566–574, 1993.Google Scholar
  12. 12.
    I. Palásti. On the strong connectedness of random graphs. Studia Sci. Math. Hungar., 1:205–214, 1966.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • Luke O'Connor
    • 1
    • 2
  • Jovan Dj. Golić
    • 2
    • 3
  1. 1.Distributed Systems Technology Centre (DSTC)BrisbaneAustralia
  2. 2.Information Security Research CentreQueensland University of TechnologyBrisbaneAustralia
  3. 3.School of Electrical EngineeringUniversity of BelgradeAustralia

Personalised recommendations