For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
On Applicability of Linear Cryptanalysis to DES-like Cryptosystems--LOKI89, LOKI91 and s2 DES--
Toshio TOKITA Tohru SORIMACHI Mitsuru MATSUI
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Publication Date: 1995/09/25
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Information Theory and Its Applications)
cryptanalysis, linear cryptanalysis, differential cryptanalysis, DES-like cryptosystem,
Full Text: PDF(489.6KB)>>
This paper discusses linear cryptanalysis of LOKI89, LOKI91 and s2DES. Our computer program based on Matsui's search algorithm has completely determined their best linear approximate equations, which tell us applicability of linear cryptanalysis to each cryptosystem. As a result, LOKI89 and LOKI91 are resistant to linear cryptanalysis from the viewpoint of the best linear approximate probability, whereas s2DES is breakable by a known-plaintext attack faster than an exhaustive key search. Moreover, our search program, which is also applicable to differential cryptanalysis, has derived their best differential characteristics as well. These values give a complete proof that characteristics found by Knudsen are actully best.