Estimating resistance against multidimensional linear attacks: an application on DEAN. (English) Zbl 1311.94085

Kutyłowski, Mirosław (ed.) et al., Information security and cryptology. 8th international conference, Inscrypt 2012, Beijing, China, November 28–30, 2012. Revised selected papers. Berlin: Springer (ISBN 978-3-642-38518-6/pbk). Lecture Notes in Computer Science 7763, 246-262 (2013).
Summary: In this paper, we investigate an algorithm which can be used to compute improved estimates of squared correlations of linear approximations over key-alternating block ciphers. The algorithm was previously used by J. Y. Cho [CT-RSA 2010, Lect. Notes Comput. Sci. 5985, 302–317 (2010; Zbl 1274.94051)] to compute estimates of expected squared correlations and capacities of multidimensional linear approximations of PRESENT. The goal of this paper is to investigate the applicability and usefulness of this algorithm for a nonbinary AES-like symmetric key-alternating block cipher DEAN designed by Th. Baignères et al. [SAC 2007, Lect. Notes Comput. Sci. 4876, 184–211 (2007; Zbl 1154.94371)] who estimated that the best LLR-based distinguisher will require the full code book of about \(2^{60}\) known plaintext blocks to succeed over four rounds of DEAN. We give evidence that there is an LLR-based multidimensional linear distinguisher with estimated data complexity \(2^{50}\) over six rounds of DEAN. Turning this to a (partial) key-recovery attack over the full eight-round DEAN is likely to succeed.
For the entire collection see [Zbl 1263.94006].

MSC:

94A60 Cryptography