Multidimensional Linear Cryptanalysis
Journal of Cryptology (IF 2.3), Pub Date: 2018-11-12, DOI: 10.1007/s00145-018-9308-x
Miia Hermelin, Joo Yeon Cho, Kaisa Nyberg

Linear cryptanalysis, introduced by Matsui, is a statistical attack that exploits a binary linear relation between plaintext, ciphertext and key, either in Algorithm 1 for recovering one bit of information about the secret key of a block cipher, or in Algorithm 2 for ranking candidate values for a part of the key. The statistical model is based on the expected and observed bias of a single binary value. Multiple linear approximations have been used with the goal of making the linear attack more efficient: more bits of information about the key can potentially be recovered, possibly using less data. But then more elaborate statistical models are also needed to capture the joint behaviour of several, not necessarily independent, binary variables, and more options are available for generalising the statistics of a single variable to several variables. The multidimensional extension of linear cryptanalysis introduced in this paper uses multiple linear approximations that form a linear subspace. Different extensions of Algorithm 1 and Algorithm 2 are presented and studied. The methods are based on known statistical tools such as the goodness-of-fit test and the log-likelihood ratio. The efficiency of the different methods is measured and compared in theory and in experiments using the concept of advantage introduced by Selçuk. The block cipher Serpent with a reduced number of rounds is used as the test bed. Multidimensional linear cryptanalysis is also compared with previous methods that use the biasedness of multiple linear approximations. The simulations show that the multidimensional method is potentially more powerful. Its main theoretical advantage is that the statistical model can be given without assuming statistical independence of the linear approximations.
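The following Python example is added here as an illustration of the objects named in the abstract; it is not code from the paper or its authors. It assumes a toy test bed, the public 4-bit PRESENT S-box rather than reduced-round Serpent, and a hand-picked pair of base approximations (the masks `(0x3, 0x2)` and `(0x5, 0x1)` are an arbitrary choice). It builds the m-bit vector of base approximations, derives the probability distribution of that vector (the multidimensional linear approximation), checks that its capacity equals the sum of squared correlations over the 2^m - 1 non-zero approximations in the spanned subspace, and evaluates the two statistics the abstract mentions, a chi-squared goodness-of-fit test against uniform and a log-likelihood ratio against the predicted distribution, on full-codebook counts.

```python
from math import log

# Constructed test bed: the 4-bit PRESENT S-box (a public S-box; the paper
# itself uses reduced-round Serpent). Masks are 4-bit integers, bit 0 = LSB.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

# Assumed base approximations (input mask, output mask); chosen arbitrarily,
# they must only be linearly independent to span a 4-element subspace.
BASE = [(0x3, 0x2), (0x5, 0x1)]


def parity(v):
    """Parity of the set bits of v, i.e. the GF(2) inner product after masking."""
    return bin(v).count("1") & 1


def correlation(a, b, sbox=SBOX):
    """Correlation c = 2*Pr[a.x = b.S(x)] - 1 of a single linear approximation."""
    n = len(sbox)
    agree = sum(1 for x in range(n) if parity((a & x) ^ (b & sbox[x])) == 0)
    return (2 * agree - n) / n


def eta(x, base, sbox=SBOX):
    """m-bit value whose bit i is the i-th base approximation evaluated at x."""
    v = 0
    for i, (a, b) in enumerate(base):
        v |= parity((a & x) ^ (b & sbox[x])) << i
    return v


def codebook_counts(base, sbox=SBOX):
    """Counts of eta over the full codebook: the observed data of a distinguisher
    that sees every plaintext once (Algorithm 1 style, no key recovery)."""
    counts = [0] * (1 << len(base))
    for x in range(len(sbox)):
        counts[eta(x, base, sbox)] += 1
    return counts


def distribution(base, sbox=SBOX):
    """Probability distribution p of eta, i.e. the multidimensional approximation."""
    n = len(sbox)
    return [c / n for c in codebook_counts(base, sbox)]


def span_nonzero(base):
    """All non-zero GF(2) combinations of the base approximations: the m base
    approximations generate a linear subspace of 2^m (input, output) mask pairs."""
    m = len(base)
    combos = []
    for u in range(1, 1 << m):
        a = b = 0
        for i in range(m):
            if u >> i & 1:
                a ^= base[i][0]
                b ^= base[i][1]
        combos.append((a, b))
    return combos


def capacity(p):
    """Capacity C(p) = sum_eta (p_eta - 2^-m)^2 / 2^-m, the distance of p from uniform."""
    u = 1 / len(p)
    return sum((q - u) ** 2 for q in p) / u


def capacity_from_correlations(base, sbox=SBOX):
    """C(p) computed the other way, as the sum of squared correlations of the
    2^m - 1 non-zero approximations in the subspace (Parseval's identity)."""
    return sum(correlation(a, b, sbox) ** 2 for a, b in span_nonzero(base))


def chi_squared(counts):
    """Goodness-of-fit statistic of observed counts against the uniform distribution.
    When the counts equal N*p exactly, this is N*C(p)."""
    n = sum(counts)
    expected = n / len(counts)
    return sum((c - expected) ** 2 for c in counts) / expected


def llr(counts, p):
    """Log-likelihood ratio of the counts under the predicted p versus uniform.
    An observed value that p declares impossible gives -infinity."""
    u = 1 / len(p)
    if any(c > 0 and q == 0 for c, q in zip(counts, p)):
        return float("-inf")
    return sum(c * log(q / u) for c, q in zip(counts, p) if c > 0)


if __name__ == "__main__":
    p = distribution(BASE)
    counts = codebook_counts(BASE)
    print("subspace masks:", span_nonzero(BASE))
    print("p(eta):", p)
    print("capacity direct / via correlations:",
          capacity(p), capacity_from_correlations(BASE))
    print("chi-squared on codebook:", chi_squared(counts))
    print("LLR on codebook:", llr(counts, p))
```

The two capacity computations agree for any base, which is the point of working in a subspace: the joint distribution of the m base approximations already accounts for every combination of them, so no independence assumption between the approximations is needed. The chi-squared statistic depends only on how far the counts are from uniform, while the LLR compares them against the specific predicted distribution p.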

Updated: 2018-11-12