Results 1 - 2 of 2
Partitioning Cryptanalysis
Fast Software Encryption, 4th International Workshop Proceedings, 1997
Abstract

Cited by 19 (0 self)
Matsui's linear cryptanalysis for iterated block ciphers is generalized to an attack called partitioning cryptanalysis. This attack exploits a weakness that can be described by an effective partition-pair, i.e., a partition of the plaintext set and a partition of the next-to-last-round output set such that, for every key, the next-to-last-round outputs are non-uniformly distributed over the blocks of the second partition when the plaintexts are chosen uniformly at random from a particular block of the first partition. The last-round attack by partitioning cryptanalysis is formalized and requirements for it to be successful are stated. The success probability is approximated and a procedure for finding effective partition-pairs is formulated. The usefulness of partitioning cryptanalysis is demonstrated by applying it successfully to six rounds of the DES.
Keywords. Iterated block ciphers, linear cryptanalysis, partitioning cryptanalysis, DES.
1 Introduction. In cryptography, frequent use is made of iterated block ciphers in which a keyed function, called the round function, is iterated r ...
Cryptanalysis of block ciphers and weight divisibility of some binary codes
Abstract
The resistance of an iterated block cipher to most classical attacks can be quantified by some properties of its round function. The involved parameters (nonlinearity, degrees of the derivatives...) for a function $F$ from $\mathbb{F}_2^m$ into $\mathbb{F}_2^m$ are related to the weight distribution of a binary linear code $C_F$ of length $2^m - 1$ and dimension $2m$. In particular, the weight divisibility of $C_F$ appears as an important criterion in the context of linear cryptanalysis and of higher-order differential attacks. When the round function $F$ is a power permutation over $\mathbb{F}_{2^m}$, the associated code $C_F$ is the dual of a primitive cyclic code with two zeroes. Therefore, McEliece's theorem provides a powerful tool for evaluating the resistance of some block ciphers to linear and higher-order differential attacks.