Skip to main content
Conference Proceedings

On applying linear cryptanalysis to IDEA

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1996) 1163 105-115
DOI: 10.1007/bfb0034839
15Citations
Citations of this article
31Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Linear cryptanalysis is a well-known attack based on linear approximations, and is said to be feasiblefor an n-bit block cipher if the data complexity is at most 2n. In this paper we consider IDEA with independent and uniformly distributed subkeys, referred to as IDEA with extended subkeys. We prove that any linear approximation of IDEA with extended subkeys, generalized to R rounds, requires at least approximations to the multiply operation. We argue that the best approximations are based on approximating least significant bits in the round operations and show that the probability of selecting a key for which such a linear cryptanalysis is feasible on IDEA is approximately 2−100.

Cite

CITATION STYLE

APA

Hawkes, P., & O’Connor, L. (1996). On applying linear cryptanalysis to IDEA. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1163, pp. 105–115). Springer Verlag. https://doi.org/10.1007/bfb0034839

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free