Links among impossible differential, integral and zero correlation linear cryptanalysis

Bing Sun, Zhiqiang Liu, Vincent Rijmen, Ruilin Li, Lei Cheng, Qingju Wang, Hoda Alkhzaimi, Chao Li

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    Abstract

    As two important cryptanalytic methods, impossible differential and integral cryptanalysis have attracted much attention in recent years. Although relations among other cryptanalytic approaches have been investigated, the link between these two methods has been missing. The motivation in this paper is to fix this gap and establish links between impossible differential cryptanalysis and integral cryptanalysis. Firstly, by introducing the concept of structure and dual structure, we prove that a → b is an impossible differential of a structure E if and only if it is a zero correlation linear hull of the dual structure E⊥. Meanwhile, our proof shows that the automatic search tool presented by Wu and Wang could find all impossible differentials of both Feistel structures with SP-type round functions and SPN structures. Secondly, by establishing some boolean equations, we show that a zero correlation linear hull always indicates the existence of an integral distinguisher. With this observation we improve the number of rounds of integral distinguishers of Feistel structures, CAST-256, SMS4 and Camellia. Finally, we conclude that an r-round impossible differential of E always leads to an r-round integral distinguisher of the dual structure ɛ⊥. In the case that ɛ and ɛ⊥ are linearly equivalent, we derive a direct link between impossible differentials and integral distinguishers of ɛ. Our results could help to classify different cryptanalytic tools and facilitate the task of evaluating security of block ciphers against various cryptanalytic approaches.

    Original language: English (US)
    Title of host publication: Advances in Cryptology - CRYPTO 2015 - 35th Annual Cryptology Conference, Proceedings
    Publisher: Springer-Verlag
    Pages: 95-115
    Number of pages: 21
    ISBN (Print): 9783662479889
    DOIs: https://doi.org/10.1007/978-3-662-47989-6_5
    State: Published - Jan 1 2015
    Event: 35th Annual Cryptology Conference, CRYPTO 2015 - Santa Barbara, United States
    Duration: Aug 16 2015 → Aug 20 2015

    Publication series

    Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume: 9215
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349

    Other

    Other: 35th Annual Cryptology Conference, CRYPTO 2015
    Country: United States
    City: Santa Barbara
    Period: 8/16/15 → 8/20/15

    Keywords

    • ARIA
    • Camellia
    • CAST-256
    • Feistel
    • Impossible differential
    • Integral
    • PRESENT
    • PRINCE
    • SMS4
    • SPN
    • Zero correlation linear

    ASJC Scopus subject areas

    • Theoretical Computer Science
    • Computer Science (all)

    Cite this

    Sun, B., Liu, Z., Rijmen, V., Li, R., Cheng, L., Wang, Q., ... Li, C. (2015). Links among impossible differential, integral and zero correlation linear cryptanalysis. In Advances in Cryptology - CRYPTO 2015 - 35th Annual Cryptology Conference, Proceedings (pp. 95-115). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9215). Springer-Verlag. https://doi.org/10.1007/978-3-662-47989-6_5
