Abstract

The goal of this work is to propose a related-key model for linear cryptanalysis. We start by giving the mean and variance of the difference of sampled correlations of two Boolean functions when using the same sample of inputs to compute both correlations. This result is further extended to determine the mean and variance of the difference of correlations of a pair of Boolean functions taken over a random data sample of fixed size and over a random pair of Boolean functions. We use the properties of the multinomial distribution to achieve these results without independence assumptions. Using multivariate normal approximation of the multinomial distribution we obtain that the distribution of the difference of related-key correlations is approximately normal. This result is then applied to existing related-key cryptanalyses. We obtain more accurate right-key and wrong-key distributions and remove artificial assumptions about independence of sampled correlations. We extend this study to using multiple linear approximations and propose a χ²-type statistic, which is proven to be χ² distributed if the linear approximations are independent. We further examine this statistic for multidimensional linear approximation and discuss why removing the assumption about independence of linear approximations does not work in the related-key setting the same way as in the single-key setting.

Highlights

  • Linear cryptanalysis is one of the main standard statistical methods for analysing the strength of a symmetric-key block cipher

  • The goal of this paper is to derive statistical distributions of the difference of the sampled correlations of Boolean functions. Such differences of correlations emerge in related-key linear cryptanalysis when the correlation of a linear approximation of a block cipher is analysed for two different keys

  • We studied the probability distribution of the difference of sampled correlations of two Boolean functions over a random sample of their inputs and showed that it is approximately normal and gave its parameters

Summary

Introduction

Linear cryptanalysis is one of the main standard statistical methods for analysing the strength of a symmetric-key block cipher. Statistical distributions of sampled correlations of linear approximations of block ciphers are well established in the single-key setting, see e.g. The goal of this paper is to derive statistical distributions of the difference of the sampled correlations of Boolean functions. Such differences of correlations emerge in related-key linear cryptanalysis when the correlation of a linear approximation of a block cipher is analysed for two different keys. In previous works mentioned above, the distributions are modelled under the assumption that the sampled correlations computed for two different keys are statistically independent. Considering the fact that the related-key cryptanalysis exploits some nonrandom behaviour of a block cipher that becomes observable when analysing data obtained from the cipher with two different keys, the assumption about statistical independence is somewhat contradictory. While the new wrong-key model is essentially the same as the one derived under the independence assumption, the right-key model is more detailed and may potentially lead to improvements in practical applications.
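The effect of the independence assumption can be seen numerically. The following Python sketch is an added example, not code or formulas taken from the paper: it assumes inputs are drawn with replacement (so the counts of the four (f, g) outcomes are multinomial), uses two constructed 8-bit Boolean functions `F` and `G`, and derives the moments from elementary per-draw expectations.

```python
import random

def truth_table(fn, n_bits):
    """Truth table (list of 0/1) of a Boolean function on n_bits inputs."""
    return [fn(x) & 1 for x in range(1 << n_bits)]

def exact_moments(f, g, n_samples):
    """Mean and variance of corr_hat(f) - corr_hat(g) for n_samples draws
    with replacement, plus the variance an independence assumption gives."""
    size = len(f)
    c_f = 1 - 2 * sum(f) / size          # correlation E[(-1)^f]
    c_g = 1 - 2 * sum(g) / size
    p_differ = sum(a ^ b for a, b in zip(f, g)) / size
    mean = c_f - c_g
    # Per draw, D = (-1)^f - (-1)^g is 0 if f = g and +-2 otherwise,
    # so E[D^2] = 4 * Pr[f != g].
    var_shared = (4 * p_differ - mean ** 2) / n_samples
    # Two independent samples: variances of the two estimates add.
    var_indep = ((1 - c_f ** 2) + (1 - c_g ** 2)) / n_samples
    return mean, var_shared, var_indep

def simulate(f, g, n_samples, trials, seed=1):
    """Empirical mean and variance of the difference, same sample for both."""
    rng = random.Random(seed)
    inputs = range(len(f))
    diffs = []
    for _ in range(trials):
        xs = rng.choices(inputs, k=n_samples)
        # (-1)^f - (-1)^g = (1 - 2f) - (1 - 2g) = 2 * (g - f)
        diffs.append(sum(2 * (g[x] - f[x]) for x in xs) / n_samples)
    m = sum(diffs) / trials
    v = sum((d - m) ** 2 for d in diffs) / (trials - 1)
    return m, v

# Constructed 8-bit functions: G equals F except where x2 & x3 & x4 = 1.
F = truth_table(lambda x: (x & 1) & (x >> 1), 8)
G = truth_table(lambda x: ((x & 1) & (x >> 1)) ^ ((x >> 2) & (x >> 3) & (x >> 4)), 8)

if __name__ == "__main__":
    mean, var_shared, var_indep = exact_moments(F, G, 1024)
    sim_mean, sim_var = simulate(F, G, 1024, trials=1000)
    print(f"mean difference      exact {mean:.4f}  simulated {sim_mean:.4f}")
    print(f"variance, same data  exact {var_shared:.3e}  simulated {sim_var:.3e}")
    print(f"variance if independence is assumed  {var_indep:.3e}")
```

Because `F` and `G` agree on most inputs, the variance of the difference over a shared sample is far smaller than the sum of the two individual variances that an independence assumption would predict.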

Sampling of the Difference of Correlations
Difference of Correlations of Random Boolean Functions
Linear trails
Approximate continuous distributions
Cryptanalysis of Röck and Nyberg
Key difference invariant bias
Wrong-key distribution for related-key linear distinguisher
Definition of the statistic
Wrong-key distribution of the statistic
The statistic without independence of linear approximations
The distribution view
Conclusions
A Properties of the Multinomial Distribution