Partitioning Cryptanalysis
Fast Software Encryption, 4th International Workshop Proceedings, 1997
Abstract

Cited by 19 (0 self)
Matsui's linear cryptanalysis for iterated block ciphers is generalized to an attack called partitioning cryptanalysis. This attack exploits a weakness that can be described by an effective partition-pair, i.e., a partition of the plaintext set and a partition of the next-to-last-round output set such that, for every key, the next-to-last-round outputs are non-uniformly distributed over the blocks of the second partition when the plaintexts are chosen uniformly at random from a particular block of the first partition. The last-round attack by partitioning cryptanalysis is formalized and requirements for it to be successful are stated. The success probability is approximated and a procedure for finding effective partition-pairs is formulated. The usefulness of partitioning cryptanalysis is demonstrated by applying it successfully to six rounds of the DES.

Keywords. Iterated block ciphers, linear cryptanalysis, partitioning cryptanalysis, DES.

1 Introduction

In cryptography, frequent use is made of iterated block ciphers in which a keyed function, called the round function, is iterated r ...