The Independence of Linear Approximations in Symmetric Cryptology

Aktie "The Independence of Linear Approximations in Symmetric Cryptology"

N/A

Protected

Studienjahr: 2022

Info

Herunterladen

Protected

Academic year: 2022

Aktie "The Independence of Linear Approximations in Symmetric Cryptology"

Copied!

Wird geladen.... (Jetzt Volltext ansehen)

Jetzt herunterladen ( 1 Seite )

Volltext

(1)

The Independence of Linear Approximations in Symmetric Cryptology

Sean Murphy Royal Holloway

Abstract

The basic form of the technique of linear cryptanalysis considers a block cipher which encrypts a binary plaintext vectorp_ito ciphertext vectorc_iunder a keyk. A linear approximation of this block cipher is an expression of the form

a^T pi

=b^Tkwith probability p= 1 2+,

where a and bare known as the data mask and key mask respectively, and is known as thebias. The simplest form of linear cryptanalysis uses this single linear approximation with many plaintext–ciphertext pairs to find the key bit b^Tk. This talk considers the use of many such linear approximations with data masksa0,a1, . . .to find the key bitb^Tk. Issues discussed include:

• whether using a third linearly dependent maska0+a1can give more key information than using just the two masksa0 anda1;

• whether a maska with bias= 0 can give any key information.

Referenzen

Jetzt herunterladen ( PDF - 1 Seite - 41.74 KB )

ÄHNLICHE DOKUMENTE

Heden's bound on the tail of a vector space partition

We improve a lower bound of Heden, in a subcase, on the number of elements of the smallest occurring dimension in a vector space partition.. By geometric arguments we

On the Continuity of the Value of a Linear Program

Bereanu, The continuity of the optimum in parametric programming and applications to stochastic programming, J.Optim.Theory Applic. Robinson, A characterization of stability

The location of the tomb of Amenhotep I: A reconsideration

The second information, the sequence of the royal tombs visited, has played an important role, too, as a supporting evidence in the attempts to identify king

A feasibility study about the use of vector tomography for the reconstruction of the coronal magnetic field

In the present thesis, we consider the possibility of a reconstruction of the coronal magnetic field by tomographic technique based on possible coronagraph observations of the Hanle

The matricial relaxation of a linear matrix inequality

The first subsection shows that the estimate based on the inclusion algorithm, namely the matricial matrix cube algorithm of Subsection 4.5, is essentially identical to that obtained

4. Locally convex topological vector spaces c) Let X be a vector space on which is deﬁned a nonnegative sesquilinear Hermitian form B : X ⇥ X ! K. Then the function p

Then by Theorem 4.1.14 there exists a basis N of neighbourhoods of the origin in X consisting of absorbing absolutely convex sets s.t.. We know from the first part of the proof how

, take the form of a linear combination of the predictions of individual specifications,

The same statistics are reported for the benchmark portfolios based on composite forecasts (i.e., the single assets of which the portfolios are constructed and the equally

Duality in Linear Vector Optimization

This paper reviews several duality results in the theory of linear vector optimization using an extended reformulation with general cone ordering.. This generalization gives some

ÄHNLICHE DOKUMENTE

A test for the parametric form of the variance function in a partial linear regression model

C ONTRIBUTIONS TO THE A SYMMETRIC

173

– Linear vector spaces

M I A Trajectory of a Vector Field in R2

Development of a vector construct for the transformation of the coccolithophore Emiliania huxleyi

The Determinants of International Reserves in the Emerging Countries: a Non-Linear Approach

a) Let p be a prime of the form p= 4k+ 1