On Linear Cryptanalysis with Many Linear Approximations

摘要

In this paper we present a theoretical framework to quantify the information brought by several linear approximations of a block-cipher without putting any restriction on these approximations. We quantify here the entropy of the key given the plaintext-ciphertext pairs statistics which is a much more accurate measure than the ones studied earlier. The techniques which are developed here apply to various ways of performing the linear attack and can also been used to measure the entropy of the key for other statistical attacks. Moreover, we present a realistic attack on the full DES with a time complexity of 2~(48) for 2~(41) pairs what is a big improvement comparing to Matsui's algorithm 2 (2~(51.9)).