A new attack on block ciphers is introduced, which is termed linear-differential cryptanalysis. It bases the combining of linear cryptanalysis and differential cryptana- lysis, and works by using linear-differential probability (LDP). Moreover, we present a new method for upper bounding the maximum linear-differential probability (MLDP) for 2 rounds of substitution permutation network (SPN) cipher structure. When our result applies to 2-round advanced encryption standard(AES), It is shown that the upper bound of MLDP is up to 1.68×2-19, which extends the known results for the 2-round SPN. Furthermore, when us- ing a recursive technique, we obtain that the MLDP for 4 rounds of AES is bounded by 2-73.
展开▼
