Differential-linear attack

Source: Wikipedia, the free encyclopedia.

Introduced by Martin Hellman and Susan K. Langford in 1994, the differential-linear attack is a mix of both linear cryptanalysis and differential cryptanalysis.

The attack utilises a differential characteristic over part of the cipher with a probability of 1 (for a few rounds; this probability would be much lower for the whole cipher). The rounds immediately following the differential characteristic have a linear approximation defined, and we expect that for each chosen plaintext pair, the probability of the linear approximation holding for one chosen plaintext but not the other will be lower for the correct key. Hellman and Langford have shown that this attack can recover 10 key bits of an 8-round DES with only 512 chosen plaintexts and an 80% chance of success.
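The following is an added worked example, not taken from the article or the cited papers. It builds a constructed 8-bit, two-round toy cipher in which a probability-1 truncated differential over the first round is followed by a one-round linear approximation of bias 1/4, and counts the pairs for which the approximation holds on exactly one text. The cipher, the masks and all function names are assumptions made for illustration.

```python
# Toy cipher constructed for this example; the S-box table is row 0 of DES S1.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
DELTA_IN = 0x05   # plaintext difference, confined to the right nibble
UNCHANGED = 0xCC  # middle-state bits the difference cannot reach
MASK_MID = 0x40   # linear approximation input mask (inside UNCHANGED)
MASK_OUT = 0x50   # linear approximation output mask

def parity(x):
    return bin(x).count("1") & 1

def sub(x):
    """Apply the 4-bit S-box to both nibbles of a byte."""
    return (SBOX[x >> 4] << 4) | SBOX[x & 0xF]

def mix(x):
    """Bit permutation: top two bits of each nibble go left, low two go right."""
    l, r = x >> 4, x & 0xF
    return ((l >> 2) << 6) | ((r >> 2) << 4) | ((l & 3) << 2) | (r & 3)

def e0(p, k0):          # first round: covered by the differential
    return mix(sub(p ^ k0))

def e1(m, k1, k2):      # second round: covered by the linear approximation
    return sub(m ^ k1) ^ k2

def differential_holds(k0):
    """True if DELTA_IN leaves the UNCHANGED bits equal for every plaintext."""
    return all(((e0(p, k0) ^ e0(p ^ DELTA_IN, k0)) & UNCHANGED) == 0
               for p in range(256))

def linear_bias(k1, k2):
    """|Pr[MASK_MID.m = MASK_OUT.e1(m)] - 1/2| over all 256 middle states."""
    hits = sum(parity(m & MASK_MID) == parity(e1(m, k1, k2) & MASK_OUT)
               for m in range(256))
    return abs(hits / 256 - 0.5)

def one_sided_pairs(k0, k1, k2):
    """Count pairs where the approximation holds for exactly one text, first
    using the hidden middle state, then from the ciphertexts alone."""
    with_mid = from_ct = 0
    for p in range(256):
        m, m2 = e0(p, k0), e0(p ^ DELTA_IN, k0)
        c, c2 = e1(m, k1, k2), e1(m2, k1, k2)
        lin = parity(m & MASK_MID) ^ parity(c & MASK_OUT)
        lin2 = parity(m2 & MASK_MID) ^ parity(c2 & MASK_OUT)
        with_mid += lin != lin2
        from_ct += parity((c ^ c2) & MASK_OUT)
    return with_mid, from_ct
```

For every key of this toy cipher, 96 of the 256 pairs satisfy the approximation on exactly one text, a rate of 0.375 = 1/2 − 2·(1/4)², against 1/2 for unrelated texts. Because the masked middle bits are equal in each pair, the same count is obtained from the ciphertexts alone.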

The attack was generalised by Eli Biham et al. to use differential characteristics with probability less than 1. Besides DES, it has been applied to FEAL, IDEA, Serpent, Camellia, and even the stream cipher Phelix.
