Differential cryptanalysis analyzes ciphers by studyingthe development of differences duringencryption. Linear cryptanalysis is similar but is based on studyingappro ximate linear relations. In 1994, Langford and Hellman showed that both kinds of analysis can be combined together by a technique called differential-linear cryptanalysis, in which the differential part creates a linear approximation with probability 1. They applied their technique to 8-round DES. In this paper we present an enhancement of differential-linear cryptanalysis in which the inherited linear probability is smaller than 1. We use this extension to describe a differential-linear distinguisher for a 7-round reducedversion of DES, and to present the best known key-recovery attack on a 9-round reduced-version of DES. We use our enhanced technique to attack COCONUT98 with time complexity 233.7 encryptions and 227.7 chosen plaintexts.
|Title of host publication||Advances in Cryptology - ASIACRYPT 2002 - 8th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings|
|Number of pages||13|
|ISBN (Print)||3540001719, 9783540001713|
|State||Published - 2002|
|Event||8th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2002 - Queenstown, New Zealand|
Duration: 1 Dec 2002 → 5 Dec 2002
|Name||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|Conference||8th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2002|
|Period||1/12/02 → 5/12/02|
Bibliographical notePublisher Copyright:
© Springer-Verlag Berlin Heidelberg 2002.
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science (all)