2014
DOI: 10.1007/978-3-662-43933-3_2
|View full text |Cite
|
Sign up to set email alerts
|

On the Wrong Key Randomisation and Key Equivalence Hypotheses in Matsui’s Algorithm 2

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

2
92
0

Year Published

2014
2014
2020
2020

Publication Types

Select...
6
2

Relationship

0
8

Authors

Journals

citations
Cited by 28 publications
(94 citation statements)
references
References 25 publications
2
92
0
Order By: Relevance
“…p of the key we observed in this paper has been considered, and more advanced statistical models have been developed. The variance due to random key was first integrated in the wrong key model of one-dimensional linear cryptanalysis [8], then to the model of the cipher [21] and finally for both [6] considering also explicitly the case of sampling without replacement. Since 2012, the hypothesis testing model has been adopted in many works on statistical cryptanalysis to determine distinguishing complexity [7] and data complexity for key recovery.…”
Section: Later Developmentsmentioning
confidence: 99%
“…p of the key we observed in this paper has been considered, and more advanced statistical models have been developed. The variance due to random key was first integrated in the wrong key model of one-dimensional linear cryptanalysis [8], then to the model of the cipher [21] and finally for both [6] considering also explicitly the case of sampling without replacement. Since 2012, the hypothesis testing model has been adopted in many works on statistical cryptanalysis to determine distinguishing complexity [7] and data complexity for key recovery.…”
Section: Later Developmentsmentioning
confidence: 99%
“…Then, by considering many trails in one approximation [24,25], the linear hull effect raises interesting discussions about fixed-key behaviors in single linear approximations [22,21]. Daemen et al gave a fixed-key probability distribution for single linear correlations [13], leading to subsequent works on e.g., fundamental assumptions [9], the effect of key schedules [1] and measures for data complexity [19], all for single linear attacks. However, we still do not understand the situation in multidimensional linear cryptanalysis.…”
Section: Introductionmentioning
confidence: 99%
“…However, neither is correct. As we know, the key equivalent hypothesis has been questioned for single linear approximations and differential trails [9,5,12]. Now this hypothesis also requires adjustment in multidimensional linear setting.…”
Section: Introductionmentioning
confidence: 99%
“…As shown in [4], the most deviations between the two models occur when adversary seeks a particularly big advantage or the data complexity gets close to the whole codebook. The advantage a in our attack is only 8, thus we try to reduce the data complexity in the next subsection.…”
Section: -Round Linear Approximationmentioning
confidence: 99%
“…By studying the 25 linear approximations, we found that they could S-box1 S-box2 0x1f 0x33 0x23 0x4e 0x3c 0x8c 0x95 0xbf 0xa9 0xf1 [12], the success rate P S = Φ( √ N C p − Φ −1 (1 − 2 −m−a )) = 89.55%; if we evaluate the success rate by means of [4], it will be 88.71%.…”
Section: Reducing the Data Complexity Of The 23-round Attack By Multimentioning
confidence: 99%