Sean Murphy (2009) Overestimates for the Gain of Multiple Linear Approximations.
Full text access: Open
We show that Corollary 1 of “On Multiple Linear Approximations” (Crypto 2004 – LNCS 3152) is incorrect. In particular, the value given for the gain by Corollary 1 is likely to be a significant overestimate of this quantity. Thus any data requirements for linear cryptanalysis with multiple linear approximations based on this value for the gain are highly questionable.
This is a Published version This version's date is: 16/10/2009 This item is peer reviewed
https://repository.royalholloway.ac.uk/items/d302dcda-6a82-5341-244c-cf5ba4599118/1/
Deposited by () on 24-Jun-2010 in Royal Holloway Research Online.Last modified on 15-Dec-2010
1. A. Biryukov, C. De Canni`ere, and M. Quiquater. On Multiple Approximations. InM. Franklin, editor, Advances in Cryptology – CRYPTO 04, volume 3152 of LNCS,pages 1–22. Springer–Verlag, 2004.
2. B.S. Kaliski and M.J.B. Robshaw. Linear Cryptanalysis Using Multiple Approximations.In Y. Desmedt, editor, Advances in Cryptology – CRYPTO 94, volume839 of LNCS, pages 26–39. Springer–Verlag, 1994.
3. B.S. Kaliski and M.J.B. Robshaw. Linear Cryptanalysis Using Multiple Approximationsand FEAL. In B. Preneel, editor, Fast Software Encryption 1994, volume1008 of LNCS, pages 249–264. Springer–Verlag, 1995.
4. M. Matsui. Linear Cryptanalysis for the DES Cipher. In T. Helleseth, editor,Advances in Cryptology – EUROCRYPT 1993, volume 765 of LNCS, pages 386–397. Springer–Verlag, 1993.
5. S. Murphy. The Independence of Linear Approximations in Symmetric Cryptology.IEEE Transactions on Information Theory, 52:5510–5518, 2006.
6. S.D. Silvey. Statistical Inference. Chapman and Hall, 1975.