On Bias Estimation in Linear Cryptanalysis
Ali Aydin Selçuk
Maryland Center for Telecommunications Research, Department of Computer Science and Electrical Engineering, University of Maryland, Baltimore County, MD, 21250 Baltimore, USA
Abstract
Security analysis of block ciphers against linear cryptanalysis has virtually always been based on the bias estimates obtained
by the Piling-Up Lemma (PUL) method. Despite its common use, and despite the fact that the independence assumption of the PUL
is known not to hold in practice, the accuracy of the PUL method has not been analyzed to date. In this study, we start with
an experimental analysis of the PUL method. The results on RC5 show that the estimates by the PUL method can be quite inaccurate
for some non-Feistel ciphers. On the other hand, the tests with SP-structured Feistel ciphers consistently show a much higher
degree of accuracy.
In the second part, we analyze several theories for an alternative method for bias estimation, including correlation matrices,
linear hulls, and statistical sampling. We show a practical application of the theory of correlation matrices, where better
estimates than the PUL method are obtained. We point out certain problems in some current applications of linear hulls. We
show that the sample size required for a reliable statistical estimator is impractically large for most practical
cases.
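The contrast the abstract draws between a PUL estimate and a correlation-matrix estimate can be reproduced on a small scale. The following is an added example, not code or data from the paper: it assumes a toy 4-bit, two-round cipher E_k(x) = S(S(x ⊕ k1) ⊕ k2) built from the PRESENT S-box, models the PUL estimate as the product of round correlations along the single best trail, and uses hypothetical function names throughout.

```python
# Added illustration (not from the paper): toy cipher E_k(x) = S(S(x ^ k1) ^ k2).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]  # PRESENT S-box as a toy
N = 16

def dot(a, b):
    """Parity of the bits of b selected by mask a."""
    return bin(a & b).count("1") & 1

def corr(f, a, b):
    """Exact correlation of a.x with b.f(x) over all inputs; bias = corr / 2."""
    return sum((-1) ** (dot(a, x) ^ dot(b, f(x))) for x in range(N)) / N

# Correlation matrix of the S-box: C[a][b] for input mask a, output mask b.
C = [[corr(lambda x: SBOX[x], a, b) for b in range(N)] for a in range(N)]

def exact(a, c, k1, k2):
    """True correlation of the two-round cipher under a fixed key."""
    return corr(lambda x: SBOX[SBOX[x ^ k1] ^ k2], a, c)

def pul_estimate(a, c):
    """Single-trail estimate: product of round correlations on the best trail."""
    return max(abs(C[a][b] * C[b][c]) for b in range(N))

def matrix_estimate(a, c, k1, k2):
    """Correlation-matrix product: all trails a -> b -> c, with key signs."""
    total = sum((-1) ** dot(b, k2) * C[a][b] * C[b][c] for b in range(N))
    return (-1) ** dot(a, k1) * total

def worst_gap():
    """Largest amount by which |exact| exceeds the single-trail estimate."""
    return max(abs(exact(a, c, 0, k2)) - pul_estimate(a, c)
               for a in range(1, N) for c in range(1, N) for k2 in range(N))

if __name__ == "__main__":
    print("worst |exact| - PUL gap (correlation):", worst_gap())
```

The matrix product matches the exhaustively measured correlation for every mask pair and key, while the single-trail figure ignores the other trails and the key-dependent signs with which they add or cancel.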