The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Linear cryptanalysis using sieve methods is a technique proposed by Takeda et al. in 1998 as an attack capable of breaking ciphers with smaller amounts of data than linear cryptanalysis (LC) by using data that satisfies linear sieve conditions. This paper shows that when considering the amount of data required for cryptanalysis in the sieved linear cryptanalysis (S-LC) proposed by Takeda et al., it is necessary to take into account the independence of keys relating to the linear mask (Linear key) and keys relating to the linear sieve mask (Sieve key) in rounds that are affected by these keys. If p is the probability that the linear approximate expression holds and p* is the probability after applying the linear sieve, then it has been shown that when the Linear keys are independent of the Sieve keys, it is necessary to select the linear mask and linear sieve mask so that a larger value of p*-p is obtained. It is also shown that the amount of data needed for S-LC cannot be reduced below the amount of data needed for LC when the Linear key and Sieve key are not independent. In fixed sieve linear cryptanalysis, it is shown that the amount of data needed for cryptanalysis cannot be reduced regardless of the independence of the Linear key and Sieve key.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Yukiyasu TSUNOO, Hiroki NAKASHIMA, Hiroyasu KUBO, Teruo SAITO, Takeshi KAWABATA, "Results of Linear Cryptanalysis Using Linear Sieve Methods" in IEICE TRANSACTIONS on Fundamentals,
vol. E92-A, no. 5, pp. 1347-1355, May 2009, doi: 10.1587/transfun.E92.A.1347.
Abstract: Linear cryptanalysis using sieve methods is a technique proposed by Takeda et al. in 1998 as an attack capable of breaking ciphers with smaller amounts of data than linear cryptanalysis (LC) by using data that satisfies linear sieve conditions. This paper shows that when considering the amount of data required for cryptanalysis in Takeda et al.'s proposed sieved linear cryptanalysis (S-LC), it is necessary to take into account the independence of keys relating to the linear mask (Linear key) and keys relating to the linear sieve mask (Sieve key) in rounds that are affected by these keys. If p is the probability that the linear approximate expression holds and p* is the probability after applying the linear sieve, then it has been shown that when the Linear keys are independent of the Sieve keys, then it is necessary to select the linear mask and linear sieve mask so that a larger value of p*-p is obtained. It is also shown that the amount of data needed for S-LC cannot be reduced below the amount of data needed for LC when the Linear key and Sieve key are not independent. In fixed sieve linear cryptanalysis, it is shown that the amount of data needed for cryptanalysis cannot be reduced regardless of the independence of the Linear key and Sieve key.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E92.A.1347/_p
@ARTICLE{e92-a_5_1347,
author={Yukiyasu TSUNOO and Hiroki NAKASHIMA and Hiroyasu KUBO and Teruo SAITO and Takeshi KAWABATA},
journal={IEICE TRANSACTIONS on Fundamentals},
title={Results of Linear Cryptanalysis Using Linear Sieve Methods},
year={2009},
volume={E92-A},
number={5},
pages={1347-1355},
abstract={Linear cryptanalysis using sieve methods is a technique proposed by Takeda et al. in 1998 as an attack capable of breaking ciphers with smaller amounts of data than linear cryptanalysis (LC) by using data that satisfies linear sieve conditions. This paper shows that when considering the amount of data required for cryptanalysis in Takeda et al.'s proposed sieved linear cryptanalysis (S-LC), it is necessary to take into account the independence of keys relating to the linear mask (Linear key) and keys relating to the linear sieve mask (Sieve key) in rounds that are affected by these keys. If p is the probability that the linear approximate expression holds and p* is the probability after applying the linear sieve, then it has been shown that when the Linear keys are independent of the Sieve keys, then it is necessary to select the linear mask and linear sieve mask so that a larger value of p*-p is obtained. It is also shown that the amount of data needed for S-LC cannot be reduced below the amount of data needed for LC when the Linear key and Sieve key are not independent. In fixed sieve linear cryptanalysis, it is shown that the amount of data needed for cryptanalysis cannot be reduced regardless of the independence of the Linear key and Sieve key.},
keywords={},
doi={10.1587/transfun.E92.A.1347},
ISSN={1745-1337},
month={May},}
TY - JOUR
TI - Results of Linear Cryptanalysis Using Linear Sieve Methods
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1347
EP - 1355
AU - Yukiyasu TSUNOO
AU - Hiroki NAKASHIMA
AU - Hiroyasu KUBO
AU - Teruo SAITO
AU - Takeshi KAWABATA
PY - 2009
DO - 10.1587/transfun.E92.A.1347
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E92-A
IS - 5
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - May 2009
AB - Linear cryptanalysis using sieve methods is a technique proposed by Takeda et al. in 1998 as an attack capable of breaking ciphers with smaller amounts of data than linear cryptanalysis (LC) by using data that satisfies linear sieve conditions. This paper shows that when considering the amount of data required for cryptanalysis in Takeda et al.'s proposed sieved linear cryptanalysis (S-LC), it is necessary to take into account the independence of keys relating to the linear mask (Linear key) and keys relating to the linear sieve mask (Sieve key) in rounds that are affected by these keys. If p is the probability that the linear approximate expression holds and p* is the probability after applying the linear sieve, then it has been shown that when the Linear keys are independent of the Sieve keys, then it is necessary to select the linear mask and linear sieve mask so that a larger value of p*-p is obtained. It is also shown that the amount of data needed for S-LC cannot be reduced below the amount of data needed for LC when the Linear key and Sieve key are not independent. In fixed sieve linear cryptanalysis, it is shown that the amount of data needed for cryptanalysis cannot be reduced regardless of the independence of the Linear key and Sieve key.
ER -