Improved multidimensional zero-correlation linear cryptanalysis and applications to LBlock and TWINE

Abstract

Zero-correlation linear cryptanalysis is a new method based on the linear approximations with correlation zero. In this paper, we propose a new model of multidimensional zero-correlation linear cryptanalysis by taking the equivalent relations of round keys into consideration. The improved attack model first finds out all the longest multidimensional zero-correlation linear distinguishers, then regards the distinguishers with the least independent guessed keys as the optimal distinguishers and finally chooses one optimal distinguisher to recover the secret key of cipher by using the partial-compression technique. Based on the improved attack model, we extend the original 22-round zero-correlation linear attack on LBlock and first evaluate the security of TWINE against the zero-correlation linear cryptanalysis. There are at least 8×8 classes of multidimensional zero-correlation linear distinguishers for 14-round LBlock and TWINE. After determining the corresponding optimal distinguisher, we carefully choose the order of guessing keys and guess each subkey nibble one after another to achieve an attack on 23-round LBlock, an attack on 23-round TWINE-80 and another attack on 25-round TWINE-128. As far as we know, these results are the currently best results on LBlock and TWINE in the single key scenario except the optimized brute force attack. © 2014 Springer International Publishing Switzerland.