The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
La cryptanalyse linéaire utilisant des méthodes de tamisage est une technique proposée par Takeda et al. en 1998 comme une attaque capable de briser des chiffrements avec des quantités de données inférieures à celles de la cryptanalyse linéaire (LC) en utilisant des données qui satisfont aux conditions de tamisage linéaire. Cet article montre que lorsque l'on considère la quantité de données requises pour la cryptanalyse dans la cryptanalyse linéaire tamisée (S-LC) proposée par Takeda et al., il est nécessaire de prendre en compte l'indépendance des clés relatives au masque linéaire (clé linéaire). et des touches relatives au masque de tamis linéaire (Touche Tamis) dans les tours qui sont affectés par ces touches. Si p est la probabilité que l'expression approchée linéaire soit vraie et p* est la probabilité après application du tamis linéaire, alors il a été montré que lorsque les touches linéaires sont indépendantes des touches tamis, alors il est nécessaire de sélectionner le masque linéaire et le masque de tamis linéaire de sorte qu'une plus grande valeur de p*-p Est obtenu. Il est également montré que la quantité de données nécessaire pour S-LC ne peut pas être réduite en dessous de la quantité de données nécessaire pour LC lorsque la clé linéaire et la clé Sieve ne sont pas indépendantes. Dans la cryptanalyse linéaire à tamis fixe, il est montré que la quantité de données nécessaire à la cryptanalyse ne peut pas être réduite quelle que soit l'indépendance de la clé linéaire et de la clé Sieve.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
Yukiyasu TSUNOO, Hiroki NAKASHIMA, Hiroyasu KUBO, Teruo SAITO, Takeshi KAWABATA, "Results of Linear Cryptanalysis Using Linear Sieve Methods" in IEICE TRANSACTIONS on Fundamentals,
vol. E92-A, no. 5, pp. 1347-1355, May 2009, doi: 10.1587/transfun.E92.A.1347.
Abstract: Linear cryptanalysis using sieve methods is a technique proposed by Takeda et al. in 1998 as an attack capable of breaking ciphers with smaller amounts of data than linear cryptanalysis (LC) by using data that satisfies linear sieve conditions. This paper shows that when considering the amount of data required for cryptanalysis in Takeda et al.'s proposed sieved linear cryptanalysis (S-LC), it is necessary to take into account the independence of keys relating to the linear mask (Linear key) and keys relating to the linear sieve mask (Sieve key) in rounds that are affected by these keys. If p is the probability that the linear approximate expression holds and p* is the probability after applying the linear sieve, then it has been shown that when the Linear keys are independent of the Sieve keys, then it is necessary to select the linear mask and linear sieve mask so that a larger value of p*-p is obtained. It is also shown that the amount of data needed for S-LC cannot be reduced below the amount of data needed for LC when the Linear key and Sieve key are not independent. In fixed sieve linear cryptanalysis, it is shown that the amount of data needed for cryptanalysis cannot be reduced regardless of the independence of the Linear key and Sieve key.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E92.A.1347/_p
Copier
@ARTICLE{e92-a_5_1347,
author={Yukiyasu TSUNOO, Hiroki NAKASHIMA, Hiroyasu KUBO, Teruo SAITO, Takeshi KAWABATA, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Results of Linear Cryptanalysis Using Linear Sieve Methods},
year={2009},
volume={E92-A},
number={5},
pages={1347-1355},
abstract={Linear cryptanalysis using sieve methods is a technique proposed by Takeda et al. in 1998 as an attack capable of breaking ciphers with smaller amounts of data than linear cryptanalysis (LC) by using data that satisfies linear sieve conditions. This paper shows that when considering the amount of data required for cryptanalysis in Takeda et al.'s proposed sieved linear cryptanalysis (S-LC), it is necessary to take into account the independence of keys relating to the linear mask (Linear key) and keys relating to the linear sieve mask (Sieve key) in rounds that are affected by these keys. If p is the probability that the linear approximate expression holds and p* is the probability after applying the linear sieve, then it has been shown that when the Linear keys are independent of the Sieve keys, then it is necessary to select the linear mask and linear sieve mask so that a larger value of p*-p is obtained. It is also shown that the amount of data needed for S-LC cannot be reduced below the amount of data needed for LC when the Linear key and Sieve key are not independent. In fixed sieve linear cryptanalysis, it is shown that the amount of data needed for cryptanalysis cannot be reduced regardless of the independence of the Linear key and Sieve key.},
keywords={},
doi={10.1587/transfun.E92.A.1347},
ISSN={1745-1337},
month={May},}
Copier
TY - JOUR
TI - Results of Linear Cryptanalysis Using Linear Sieve Methods
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1347
EP - 1355
AU - Yukiyasu TSUNOO
AU - Hiroki NAKASHIMA
AU - Hiroyasu KUBO
AU - Teruo SAITO
AU - Takeshi KAWABATA
PY - 2009
DO - 10.1587/transfun.E92.A.1347
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E92-A
IS - 5
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - May 2009
AB - Linear cryptanalysis using sieve methods is a technique proposed by Takeda et al. in 1998 as an attack capable of breaking ciphers with smaller amounts of data than linear cryptanalysis (LC) by using data that satisfies linear sieve conditions. This paper shows that when considering the amount of data required for cryptanalysis in Takeda et al.'s proposed sieved linear cryptanalysis (S-LC), it is necessary to take into account the independence of keys relating to the linear mask (Linear key) and keys relating to the linear sieve mask (Sieve key) in rounds that are affected by these keys. If p is the probability that the linear approximate expression holds and p* is the probability after applying the linear sieve, then it has been shown that when the Linear keys are independent of the Sieve keys, then it is necessary to select the linear mask and linear sieve mask so that a larger value of p*-p is obtained. It is also shown that the amount of data needed for S-LC cannot be reduced below the amount of data needed for LC when the Linear key and Sieve key are not independent. In fixed sieve linear cryptanalysis, it is shown that the amount of data needed for cryptanalysis cannot be reduced regardless of the independence of the Linear key and Sieve key.
ER -