Abstract

Differential and linear cryptanalysis are two attacks on product ciphers that use approximations of the round function F to derive information about the secret key. For the case of differential cryptanalysis, it is well known that the probability of differentials can be modeled by a Markov chain, and it is known, for example, that the chain for DES converges to the uniform distribution. In this paper, a Markov chain for linear cryptanalysis is introduced as well, and it is proved that both chains converge to the uniform distribution for almost all round functions F. This implies that in the independent random subkey model, almost all product ciphers become immune to both differential and linear cryptanalysis after a sufficient number of rounds.
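
The convergence claim can be checked numerically on a toy cipher. The following is an added example, not code from the paper: it assumes a 4-bit block whose round is a subkey XOR followed by the PRESENT S-box (an arbitrary choice of F), with independent uniform subkeys, and it models the linear chain by squared correlations between nonzero masks, which is an assumption about the construction rather than the paper's definition.

```python
# Toy round function F (assumption): subkey XOR followed by the PRESENT 4-bit S-box.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
N = len(SBOX)

def parity(v):
    return bin(v).count("1") & 1

def differential_chain(sbox=SBOX):
    """P[a-1][b-1] = Pr_x[S(x) ^ S(x ^ a) = b] over nonzero differences a, b."""
    P = [[0.0] * (N - 1) for _ in range(N - 1)]
    for a in range(1, N):
        for x in range(N):
            # S is a permutation, so a nonzero input difference never maps to 0.
            P[a - 1][(sbox[x] ^ sbox[x ^ a]) - 1] += 1.0 / N
    return P

def linear_chain(sbox=SBOX):
    """Q[u-1][v-1] = squared correlation of u.x with v.S(x), nonzero masks u, v."""
    Q = [[0.0] * (N - 1) for _ in range(N - 1)]
    for u in range(1, N):
        for v in range(1, N):
            s = sum(1 - 2 * parity((u & x) ^ (v & sbox[x])) for x in range(N))
            Q[u - 1][v - 1] = (s / N) ** 2
    return Q

def matmul(A, B):
    cols = list(zip(*B))
    return [[sum(p * q for p, q in zip(row, col)) for col in cols] for row in A]

def deviations(T, rounds):
    """Max |T^r[i][j] - 1/(N-1)| for r = 1..rounds (distance from uniform)."""
    uniform, out, M = 1.0 / (N - 1), [], T
    for _ in range(rounds):
        out.append(max(abs(e - uniform) for row in M for e in row))
        M = matmul(M, T)
    return out

if __name__ == "__main__":
    # Print the distance from uniform at a few round counts for both chains.
    for name, T in (("differential", differential_chain()),
                    ("linear", linear_chain())):
        d = deviations(T, 64)
        print(name, ["%.1e" % d[r - 1] for r in (1, 2, 4, 8, 16, 64)])
```

Both matrices are doubly stochastic on the 15 nonzero differences or masks, so the uniform distribution is stationary; the printed deviations show how many rounds this particular F needs before no differential or linear approximation stands out.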
