Linear Cryptanalysis

In cryptography, linear cryptanalysis is a general form of cryptanalysis based on finding affine approximations to the action of a cipher. Attacks have been developed for block ciphers and stream ciphers. Linear cryptanalysis is one of the two most widely used attacks on block ciphers; the other being differential cryptanalysis.

The discovery is attributed to Mitsuru Matsui, who first applied the technique to the FEAL cipher (Matsui and Yamagishi, 1992). Subsequently, Matsui published an attack on the Data Encryption Standard (DES), eventually leading to the first experimental cryptanalysis of the cipher reported in the open community (Matsui, 1993; 1994). The attack on DES is not generally practical, requiring 243 known plaintexts.

A variety of refinements to the attack have been suggested, including using multiple linear approximations or incorporating non-linear expressions, leading to a generalized partitioning cryptanalysis. Evidence of security against linear cryptanalysis is usually expected of new cipher designs.

Read more about Linear CryptanalysisOverview

Other articles related to "linear cryptanalysis, cryptanalysis, linear":

Block Cipher - Cryptanalysis - Linear Cryptanalysis
... Linear cryptanalysis is a form of cryptanalysis based on finding affine approximations to the action of a cipher ... Linear cryptanalysis is one of the two most widely used attacks on block ciphers the other being differential cryptanalysis ...
Partitioning Cryptanalysis
... In cryptography, partitioning cryptanalysis is a form of cryptanalysis for block ciphers ... Developed by Carlo Harpes in 1995, the attack is a generalization of linear cryptanalysis ... Harpes originally replaced the bit sums (affine transformations) of linear cryptanalysis with more general balanced Boolean functions ...
Linear Cryptanalysis - Overview - Deriving Key Bits
... Having obtained a linear approximation of the form This procedure can be repeated with other linear approximations, obtaining guesses at values of key bits, until the number of unknown ...
Data Encryption Standard - Security and Cryptanalysis - Attacks Faster Than Brute-force
... complexity than a brute-force search differential cryptanalysis (DC), linear cryptanalysis (LC), and Davies' attack ... Differential cryptanalysis was rediscovered in the late 1980s by Eli Biham and Adi Shamir it was known earlier to both IBM and the NSA and kept secret ... To break the full 16 rounds, differential cryptanalysis requires 249 chosen plaintexts ...