Linear cryptanalysis

The linear cryptanalysis is a common form of cryptanalysis based on the linear approximation of the most likely key for breaking block encryption method based. This method was in 1992 by Mitsuru Matsui (one of the developers of the Misty1 - encryption algorithm ) releases.

This technique was first used in the study of FEAL encryption . Matsui later also published an attack on the Data Encryption Standard (DES), which eventually became the first public publication of an experimental cryptanalysis. This attack is hardly applicable in practice because it requires ⁴⁷ known plaintext / ciphertext pairs for a 16-round DES 2 .

Other variants of linear cryptanalysis have been developed for both block and stream ciphers . Therefore, the security of newly designed algorithms is usually checked against linear cryptanalysis.

Linear cryptanalysis is one of the most frequently used attack options against block ciphers, the other is differential cryptanalysis .

Individual evidence

^ Klaus Schmeh, "Kryptographie", 5th edition 2013, dpunkt.verlag
↑ Matsui and Yamagishi, “ A new method for known plaintext attack of FEAL cipher ”, EUROCRYPT 1992
↑ ^a ^b Mitsuru Matsui, " Linear cryptanalysis method for DES cipher ", EUROCRYPT 1993
↑ Mitsuru Matsui, " The first experimental cryptanalysis of the data encryption standard ", CRYPT 1994

[1] Klaus Schmeh, "Kryptographie", 5th edition 2013, dpunkt.verlag

[2] Matsui and Yamagishi, “ A new method for known plaintext attack of FEAL cipher ”, EUROCRYPT 1992

[originalDES-3] Mitsuru Matsui, " Linear cryptanalysis method for DES cipher ", EUROCRYPT 1993

[4] Mitsuru Matsui, " The first experimental cryptanalysis of the data encryption standard ", CRYPT 1994