Zero Correlation

The Experts below are selected from a list of 72582 Experts worldwide ranked by ideXlab platform

Takafumi Hayashi - One of the best experts on this subject based on the ideXlab platform.

  • IWSDA - A novel class of QPSK Zero-Correlation zone sequence sets
    2015 Seventh International Workshop on Signal Design and its Applications in Communications (IWSDA), 2015
    Co-Authors: Takafumi Hayashi, Shinya Matsufuji, Yodai Watanabe, Anh T. Pham, Toshiaki Miyazaki, Takao Maeda
    Abstract:

    The present paper introduces the construction of Quadrature Phase Shift Keying (QPSK) modulation based sequences having a zero-correlation zone. For a zero-correlation zone sequence set of N sequences, each of length L, the cross-correlation function and the side lobe of the autocorrelation function of the proposed sequence set are zero for the phase shifts τ within the zero-correlation zone z, such that |τ| ≤ z (τ ≠ 0 for the autocorrelation function). The ratio N(z+1)/L is theoretically bounded by one. When the ratio of a sequence set is equal to one, the sequence set is called an optimal zero-correlation sequence set. The proposed zero-correlation zone sequence set can be generated from an arbitrary Hadamard matrix of order n. First, the proposed sequence set is generated as a set of 4n sequences of length 8n with the zero-correlation zone z = 1. The length of the proposed sequence set can be extended by sequence interleaving, where m times interleaving can generate the 4n sequences, each of length 2^(m+3)·n. The proposed sequence set is optimal for m = 0, 1 and almost optimal for m > 1.

  • Sequence sets having wide inter-subset Zero-Correlation zone and its applications to instrumentation
    2012
    Co-Authors: Takafumi Hayashi, Shigeru Kanemoto, Takao Maeda
    Abstract:

    The present paper introduces the construction of a class of sequence sets with zero-correlation zones, called zero-correlation zone sequence sets. The proposed zero-correlation zone sequence set can be constructed if there exist positive integers (T, L_b, N_d), a non-negative integer m ≥ 0 and S = ±1 that satisfy the criterion L_p = (Z + 1)N_d = (T·L_b − S + Λ)N_d for the length L_p of the given perfect sequence p, and there exists a Hadamard matrix of order (Z + 1)m + L_b. The proposed sequence set has N_d subsets. The correlation function of the sequences of a pair of different subsets, referred to as the inter-subset correlation function, has a zero-correlation zone with a width that is approximately (Λ + 1) times that of the correlation function of the sequences of the same subset (intra-subset correlation function). This wider inter-subset zero-correlation zone enables an improvement in the performance of applications of the proposed sequence set. The proposed scheme can improve radars using the zero-correlation property of the sequence set.

  • A Ternary Zero-Correlation Zone Sequence Set Having Wide Inter-Subset Zero-Correlation Zone
    IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences, 2011
    Co-Authors: Takafumi Hayashi, Takao Maeda, Shinya Matsufuji, Satoshi Okawa
    Abstract:

    The present paper introduces a novel construction of ternary sequences having a zero-correlation zone. The cross-correlation function and the side lobe of the autocorrelation function of the proposed sequence set are zero for the phase shifts within the zero-correlation zone. The proposed sequence set consists of more than one subset, each having the same member size. The correlation function of the sequences of a pair of different subsets, referred to as the inter-subset correlation function, has a wider zero-correlation zone than that of the correlation function of sequences of the same subset (intra-subset correlation function). The wide inter-subset zero-correlation zone enables performance improvement in applications of the proposed sequence set. The proposed sequence set has a zero-correlation zone for periodic, aperiodic, and odd correlation functions.

  • Zero-Correlation zone sequence sets having subsets and its application to instrumentation
    2011
    Co-Authors: Takafumi Hayashi, Takao Maeda, Shigeru Kanemoto, Satoshi Okawa
    Abstract:

    The present paper introduces the construction of a class of sequence sets with zero-correlation zones, called zero-correlation zone sequence sets. The proposed zero-correlation zone sequence set can be generated from an arbitrary perfect sequence of length L_p = k(2n + 1) + 1 and a Hadamard matrix of order L_h, where L_p and L_h are coprime to each other. In an ultrasonic synthetic aperture imaging system, the proposed sequence set can improve the signal-to-noise ratio of the acquired image. The constructed sequence set consists of 2n·L_h ternary sequences, each of length 2^(m+1)·L_p·L_h, for a non-negative integer m. The zero-correlation zone of the proposed sequences is |τ| ≤ 2^(m+1)·k − 1, where τ is the phase shift. The inter-subset zero-correlation zone of the proposed sequences is |τ| ≤ 2^(m+2)·k, where τ is the phase shift. The proposed scheme can improve radars using the zero-correlation property of the sequence set.

  • A Novel Construction of Zero-Correlation Zone Sequence Set with Wide Inter-Subset Zero-Correlation Zone
    International Workshop on Signal Design and its Applications in Communications, 2011
    Co-Authors: Takafumi Hayashi, Takao Maeda, Shigeru Kanemoto, Shinya Matsufuji
    Abstract:

    The present paper introduces a new approach to the construction of a sequence set with a zero-correlation zone (ZCZ). The proposed sequence construction generates a ZCZ sequence set from a perfect sequence pair or a single perfect sequence. The member size of the proposed sequence set approaches the theoretical bound. The proposed sequence set consists of L_g subsets, where a Hadamard matrix of order L_g is used in the sequence construction. The correlation function of the sequences of a pair of different subsets, the inter-subset correlation function, has a ZCZ with a width that is (Λ + 1) times that of the intra-subset correlation function for a positive integer Λ ≥ 1. The wide inter-subset zero-correlation zone improves the performance of the applications of the proposed sequence set.

Naoki Suehiro - One of the best experts on this subject based on the ideXlab platform.

  • A New Construction Method of Zero-Correlation Zone Sequences Based on Complete Complementary Codes
    IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences, 2008
    Co-Authors: Chenggao Han, Takeshi Hashimoto, Naoki Suehiro
    Abstract:

    In approximately synchronous CDMA (AS-CDMA) systems, zero-correlation zone (ZCZ) sequences are known as the sequences that eliminate co-channel and multi-path interference. Therefore, numerous constructions of ZCZ sequences have been introduced, e.g. based on perfect sequences and complete complementary codes. However, the previous construction method based on complete complementary codes falls short in merit figure when none of the sequence elements are zero. In this paper, a new construction method of ZCZ sequences based on complete complementary codes is proposed. With the proposed method, ZCZ sequences without zero elements and with a merit figure greater than 1/2 can be constructed.

  • ISIT - A novel construction method of Zero-Correlation zone sequences based on complete complementary codes
    2008 IEEE International Symposium on Information Theory, 2008
    Co-Authors: Chenggao Han, Takeshi Hashimoto, Naoki Suehiro
    Abstract:

    In an approximately synchronous CDMA (AS-CDMA) system, zero-correlation zone (ZCZ) sequences are known as the sequences that eliminate co-channel and multi-path interference. Therefore, numerous constructions of ZCZ sequences have been introduced, e.g. based on perfect sequences, m-sequences and complete complementary codes. However, the previous construction method based on complete complementary codes falls short in merit figure. In this paper, a new construction method of ZCZ sequences based on complete complementary codes is proposed. With the proposed method, ZCZ sequences with a merit figure greater than 1/2 can be constructed.

  • Construction of Sequences with Large Zero Correlation Zone
    IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences, 2005
    Co-Authors: Daiyuan Peng, Pingzhi Fan, Naoki Suehiro
    Abstract:

    In order to judge the goodness of zero-correlation zone sequence sets, a new concept, called the ZCZ characteristic, is proposed. Then, by defining a sequence operation, i.e. the correlation product, and establishing its basic properties, a new approach to constructing sets of sequences with a large zero-correlation zone is presented.

  • A New Class of Polyphase Sequence Sets with Optimal Zero-Correlation Zones
    IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences, 2005
    Co-Authors: Hideyuki Torii, Makoto Nakamura, Naoki Suehiro
    Abstract:

    This paper proposes a new class of polyphase ZCZ (zero-correlation zone) sequence sets which satisfy a mathematical upper bound. The proposed ZCZ sequence sets are obtained from DFT matrices and unitary matrices. In addition, this paper discusses the cross-correlation property between different ZCZ sequence sets which belong to the proposed class.

  • A new class of Zero-Correlation zone sequences
    IEEE Transactions on Information Theory, 2004
    Co-Authors: H. Torii, Makoto Nakamura, Naoki Suehiro
    Abstract:

    In this correspondence, two new methods for constructing sets of zero-correlation zone (ZCZ) sequences are proposed. These methods are based on perfect sequences and unitary matrices. Compared with previous methods, the proposed methods can generate sets of nonbinary ZCZ sequences having a longer zero-correlation zone. The sequences obtained by these methods are suitable for approximately synchronized code-division multiple-access (AS-CDMA) systems.

Meiqin Wang - One of the best experts on this subject based on the ideXlab platform.

  • Zero-Correlation attacks: statistical models independent of the number of approximations
    Designs Codes and Cryptography, 2017
    Co-Authors: Ling Sun, Huaifeng Chen, Meiqin Wang
    Abstract:

    Multiple and multidimensional zero-correlation linear cryptanalysis have been two of the most powerful cryptanalytic techniques for block ciphers, and it has been shown that the differentiating factor of these two statistical models is whether distinct plaintexts are assumed or not. Nevertheless, questions remain regarding how these analyses can be universalized without any limitations and can be used to accurately estimate the data complexity and the success probability. More concretely, the current models for multiple zero-correlation (MPZC) and multidimensional zero-correlation (MDZC) cryptanalysis are not valid in the setting with a limited number of approximations, and the accuracy of the estimate of the data complexity cannot be guaranteed. Besides, in many cases, using too many approximations may cause an exhaustive search when we want to launch key-recovery attacks. In order to generalize the original models, which use the normal approximation of the \(\chi^2\)-distribution, we provide a more accurate approach to estimate the data complexity and the success probability for MPZC and MDZC cryptanalysis without such an approximation. Since these new models directly rely on the \(\chi^2\)-distribution, we call them the \(\chi^2\) MPZC and MDZC models. An interesting observation is that the chi-square multiple zero-correlation (\(\chi^2\)-MPZC) model still works even though we only have a single zero-correlation linear approximation. This fact puts an end to the situation that basic zero-correlation linear cryptanalysis requires the full codebook in the known-plaintext attack setting. As an illustration, we apply the \(\chi^2\)-MPZC model to analyze TEA and XTEA. These new attacks cover more rounds than the previous MPZC attacks. Moreover, we reconsider the multidimensional zero-correlation (MDZC) attack on 14-round CLEFIA-192 by utilizing fewer zero-correlation linear approximations. In addition, some other ciphers which already have MDZC analytical results are reevaluated, and the data complexities under the new model are all less than or equal to those under the original model. Some experiments are conducted in order to verify the validity of the new models, and the experimental results convince us that the new models provide more precise estimates of the data complexity and the success probability.

  • Inscrypt - Improved Zero-Correlation Cryptanalysis on SIMON
    Information Security and Cryptology, 2016
    Co-Authors: Ling Sun, Meiqin Wang
    Abstract:

    SIMON is a family of lightweight block ciphers publicly released by the NSA. Up to now, there have been many cryptanalytic results on it by means of differential, linear, impossible differential, integral, zero-correlation linear cryptanalysis and so forth. At INDOCRYPT 2014, Wang et al. gave zero-correlation attacks on 20-round SIMON32, 20-round SIMON48/72 and 21-round SIMON48/96. In this paper, we investigate the security of the whole SIMON family using zero-correlation linear cryptanalysis. For SIMON32 and SIMON48, we can attack one more round than the previous zero-correlation attacks given by Wang et al. We are the first to give zero-correlation linear approximations of SIMON64, SIMON96 and SIMON128. These approximations are also utilized to attack the corresponding ciphers.

  • Improving algorithm 2 in multidimensional (zero-correlation) linear cryptanalysis using the $$\chi^2$$-method
    Designs Codes and Cryptography, 2016
    Co-Authors: Huaifeng Chen, Tingting Cui, Meiqin Wang
    Abstract:

    Multidimensional linear cryptanalysis and multidimensional zero-correlation linear cryptanalysis have been widely used in attacks on block ciphers. In multidimensional linear cryptanalysis with the $$\chi^2$$-method and in multidimensional zero-correlation linear cryptanalysis, the statistics used to distinguish the right key from wrong keys are calculated from the probability distribution of the multidimensional (zero-correlation) linear approximations. In this paper, we show that the statistics can be computed directly from the empirical correlations of the multidimensional (zero-correlation) linear approximations for a random plaintext set. In this way, the computation cost of the probability distribution can be removed. In the situation where the FFT technique can be applied to calculate the correlations, our proposed computing method for the statistics can decrease the time complexity of multidimensional (zero-correlation) linear cryptanalysis. As an illustration, the Feistel network with bijective round functions consisting of modular additions or XORs with subkeys, and CAST-256, have been attacked with our revised multidimensional zero-correlation linear cryptanalysis. Our attacks on this kind of Feistel network are the best in terms of the number of rounds, and we improve the previous multidimensional zero-correlation attack on CAST-256 from 28 to 29 rounds. Compared with the best attack on 29-round CAST-256 using the multiple zero-correlation linear cryptanalysis method, our attack has the same complexity but without any independence assumption. Therefore our attack on CAST-256 is the best attack without any assumption.

  • Selected Areas in Cryptography - Zero-Correlation Linear Cryptanalysis with FFT and Improved Attacks on ISO Standards Camellia and CLEFIA
    Selected Areas in Cryptography -- SAC 2013, 2014
    Co-Authors: Andrey Bogdanov, Meiqin Wang, Long Wen, Huizheng Geng, Baudoin Collard
    Abstract:

    Zero-correlation linear cryptanalysis is based on linear approximations with correlation exactly zero, which essentially generalizes the integral property, and has already been applied to several block ciphers, among others yielding the best known attacks to date on round-reduced TEA and CAST-256 as published in FSE'12 and ASIACRYPT'12, respectively. In this paper, we use the FFT (Fast Fourier Transform) technique to speed up zero-correlation cryptanalysis. First, this allows us to improve upon the state-of-the-art cryptanalysis for the ISO/IEC standard and CRYPTREC-portfolio cipher Camellia. Namely, we present zero-correlation attacks on 11-round Camellia-128 and 12-round Camellia-192 with $$FL/FL^{-1}$$ and whitening key starting from the first round, which is an improvement in the number of attacked rounds in both cases. Moreover, we provide multidimensional zero-correlation cryptanalysis of 14-round CLEFIA-192 and 15-round CLEFIA-256, which are attacks on the highest numbers of rounds in the classical single-key setting, respectively, with improvements in memory complexity.

  • Multidimensional Zero-Correlation attacks on lightweight block cipher HIGHT
    Information Processing Letters, 2014
    Co-Authors: Long Wen, Meiqin Wang, Andrey Bogdanov, Huaifeng Chen
    Abstract:

    HIGHT is a block cipher designed in Korea with the involvement of the Korea Information Security Agency. It was proposed at CHES 2006 for usage in lightweight applications such as sensor networks and RFID tags. Lately, it has been adopted as an ISO standard. Though there is a great deal of cryptanalytic results on HIGHT, its security evaluation against the recent zero-correlation linear attacks is still lacking. At the same time, the Feistel-type structure of HIGHT suggests that it might be susceptible to this type of cryptanalysis. In this paper, we aim to bridge this gap. We identify zero-correlation linear approximations over 16 rounds of HIGHT. Based upon those, we attack 27-round HIGHT (round 4 to round 30) with improved time complexity and practical memory requirements. This attack of ours is the best result on HIGHT to date in the classical single-key setting. We also provide the first attack on 26-round HIGHT (round 4 to round 29) with the full whitening key.
    Highlights:
      - Multidimensional zero-correlation attacks on round-reduced ISO-standard HIGHT.
      - Key recovery for 27 (out of 32) rounds of HIGHT in the classical single-key setting.
      - Our 27-round attack significantly improves upon the state of the art in time and memory complexity.
      - First key recovery for 26-round original HIGHT in the classical single-key setting.

Andrey Bogdanov - One of the best experts on this subject based on the ideXlab platform.

  • Zero Correlation linear cryptanalysis with reduced data complexity
    Fast Software Encryption, 2012
    Co-Authors: Andrey Bogdanov, Meiqin Wang
    Abstract:

    Zero-correlation linear cryptanalysis is a novel key recovery technique for block ciphers proposed in [5]. It is based on linear approximations with probability of exactly 1/2 (which corresponds to zero correlation). Some block ciphers turn out to have multiple linear approximations with correlation zero for each key over a considerable number of rounds. Zero-correlation linear cryptanalysis is the counterpart of impossible differential cryptanalysis in the domain of linear cryptanalysis, though having many technical distinctions and sometimes resulting in stronger attacks. In this paper, we propose a statistical technique to significantly reduce the data complexity using the high number of zero-correlation linear approximations available. We also identify zero-correlation linear approximations for 14 and 15 rounds of TEA and XTEA. Those result in key-recovery attacks for 21-round TEA and 25-round XTEA, while requiring less data than the full codebook. In the single secret key setting, these are structural attacks breaking the highest number of rounds for both ciphers. The findings of this paper demonstrate that the prohibitive data complexity requirements are not inherent in zero-correlation linear cryptanalysis and can be overcome. Moreover, our results suggest that zero-correlation linear cryptanalysis can actually break more rounds than the best known impossible differential cryptanalysis does for relevant block ciphers. This might make a security re-evaluation of some ciphers necessary in view of the new attack.

Yanfeng Wang - One of the best experts on this subject based on the ideXlab platform.

  • Zero-Correlation Linear Cryptanalysis of Reduced-Round SIMON
    Journal of Computer Science and Technology, 2015
    Co-Authors: Zhen-qing Shi, Jian Zhang, Lei Zhang, Yanfeng Wang
    Abstract:

    In June 2013, the U.S. National Security Agency proposed two families of lightweight block ciphers, called SIMON and SPECK respectively. These ciphers are designed to perform excellently on both hardware and software platforms. In this paper, we mainly present zero-correlation linear cryptanalysis on various versions of SIMON. Firstly, by using the miss-in-the-middle approach, we construct zero-correlation linear distinguishers of SIMON, and zero-correlation linear attacks are presented based on careful analysis of the key recovery phase. Secondly, multidimensional zero-correlation linear attacks are used to reduce the data complexity. Our zero-correlation linear attacks perform better than the impossible differential attacks proposed by Abed et al. in ePrint Report 2013/568. Finally, we also use the divide-and-conquer technique to improve the results of the linear cryptanalysis proposed by Javad et al. in ePrint Report 2013/663.

  • Improved Multidimensional Zero-Correlation Linear Cryptanalysis and Applications to LBlock and TWINE
    Australasian Conference on Information Security and Privacy, 2014
    Co-Authors: Yanfeng Wang
    Abstract:

    Zero-correlation linear cryptanalysis is a new method based on linear approximations with correlation zero. In this paper, we propose a new model of multidimensional zero-correlation linear cryptanalysis by taking the equivalence relations of round keys into consideration. The improved attack model first finds all the longest multidimensional zero-correlation linear distinguishers, then regards the distinguishers with the fewest independent guessed keys as the optimal distinguishers, and finally chooses one optimal distinguisher to recover the secret key of the cipher using the partial-compression technique. Based on the improved attack model, we extend the original 22-round zero-correlation linear attack on LBlock and give the first evaluation of the security of TWINE against zero-correlation linear cryptanalysis. There are at least 8×8 classes of multidimensional zero-correlation linear distinguishers for 14-round LBlock and TWINE. After determining the corresponding optimal distinguisher, we carefully choose the order of guessing keys and guess each subkey nibble one after another to achieve an attack on 23-round LBlock, an attack on 23-round TWINE-80 and another attack on 25-round TWINE-128. As far as we know, these results are currently the best results on LBlock and TWINE in the single-key scenario, except for the optimized brute-force attack.