A Generalization of Linear Cryptanalysis and the Applicability of Matsui's Piling-up Lemma
1995
Cited by 44 (5 self)
Matsui's linear cryptanalysis for iterated block ciphers is generalized by replacing his linear expressions with I/O sums. For a single round, an I/O sum is the XOR of a balanced binary-valued function of the round input and a balanced binary-valued function of the round output. The basic attack is described and conditions for it to be successful are given. A procedure for finding effective I/O sums, i.e., I/O sums yielding successful attacks, is given. A cipher contrived to be secure against linear cryptanalysis but vulnerable to this generalization of linear cryptanalysis is given. Finally, it is argued that the ciphers IDEA and SAFER K-64 are secure against this generalization.

Keywords. Linear cryptanalysis, differential cryptanalysis, piling-up lemma, IDEA, SAFER.

1 Introduction

Linear cryptanalysis, which was introduced by Matsui in [Mat93] to attack DES, is an attack that applies to any iterated block cipher. In this paper, we develop a generalized version of linear cryptanalysis...