Linear cryptanalysis of NUSH block cipher

Abstract

NUSH is a block cipher as a candidate for NESSIE. NUSH is analyzed by linear crypt-analysis. The complexity δ=(e, η) of the attack consists of data complexity e and time complexity η. Three linear approximations are used to analyze NUSH with 64-bit block. When |K|=128 bits, the complexities of three attacks are (258, 2124), (260, 278) and (262, 255) respectively. When |K|=192 bits, the complexities of three attacks are (258, 2157) (260, 296) and (262, 258) respectively. When |K| =256 bits, the complexities of three attacks are (258, 2125), (260, 278) and (262, 253) respectively. Three linear approximations are used to analyze NUSH with 128-bit block. When |K|=128 bits, the complexities of three attacks are (2122, 295), (2124, 257) and (2126, 252) respectively. When |K|=192 bits, the complexities of three attacks are (2122, 2142), (2124, 275) and (2126, 258) respectively. When |K|=256 bits, the complexities of three attacks are (2122, 2168), (2124, 281) and (2126, 264) respectively. Two linear approximations are used to analyze NUSH with 256-bit block. When |K|=128 bits, the complexities of two attacks are (2252, 2122) and (2254, 2119) respectively. When |K|=192 bits, the complexities of two attacks are (2252, 2181) and (2254, 2177) respectively. When |K|=256 bits, the complexities of two attacks are (2252, 2240) and (2254, 2219) respectively. These results show that NUSH is not immune to linear cryptanalysis, and longer key cannot enhance the security of NUSH.