On probability of success in linear and differential cryptanalysis

Date
2008-01
Authors
Selçuk, A. A.
Advisor
Instructor
Source Title
Journal of Cryptology
Print ISSN
0933-2790
Electronic ISSN
Publisher
Springer New York LLC
Volume
21
Issue
1
Pages
131 - 147
Language
English
Type
Article
Journal Title
Journal ISSN
Volume Title
Abstract

Despite their widespread usage in block cipher security, linear and differential cryptanalysis still lack a robust treatment of their success probability, and the success chances of these attacks have commonly been estimated in a rather ad hoc fashion. In this paper, we present an analytical calculation of the success probability of linear and differential cryptanalytic attacks. The results apply to an extended sense of the term "success" where the correct key is found not necessarily as the highest-ranking candidate but within a set of high-ranking candidates. Experimental results show that the analysis provides accurate results in most cases, especially in linear cryptanalysis. In cases where the results are less accurate, as in certain cases of differential cryptanalysis, the results are useful to provide approximate estimates of the success probability and the necessary plaintext requirement. The analysis also reveals that the attacked key length in differential cryptanalysis is one of the factors that affect the success probability directly besides the signal-to-noise ratio and the available plaintext amount. © 2007 International Association for Cryptologic Research.

Course
Other identifiers
Book Title
Keywords
Block ciphers, Differential cryptanalysis, Linear cryptanalysis, Order statistics, Success probability, Block codes, Intrusion detection, Network security, Probability distributions, Signal to noise ratio, Cryptography
Citation
Published Version (Please cite this version)