Abstract
In this paper we introduce the method of bi-linear cryptanalysis (BLC), designed specifically to attack Feistel ciphers. It makes it possible to construct periodic biased characteristics that combine for an arbitrary number of rounds. In particular, we present a practical attack on DES based on a 1-round invariant, the fastest known based on such an invariant, and about as fast as Matsui's best attack. For ciphers similar to DES, based on small S-boxes, we claim that BLC is very closely related to LC, and we do not expect to find a bi-linear attack much faster than by LC. Nevertheless, we have found bi-linear characteristics that are strictly better than Matsui's best result for 3, 7, 11 and more rounds.
For more general Feistel schemes there is no reason whatsoever for BLC to remain only a small improvement over LC. We present a construction of a family of practical ciphers based on a big Rijndael-type S-box that are strongly resistant against linear cryptanalysis (LC) but can be easily broken by BLC, even with 16 or more rounds.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Courtois, N.T. (2004). Feistel Schemes and Bi-linear Cryptanalysis. In: Franklin, M. (eds) Advances in Cryptology – CRYPTO 2004. CRYPTO 2004. Lecture Notes in Computer Science, vol 3152. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-28628-8_2
DOI: https://doi.org/10.1007/978-3-540-28628-8_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22668-0
Online ISBN: 978-3-540-28628-8