On Applicability of Linear Cryptanalysis to DES-like Cryptosystems--LOKI89, LOKI91 and s2 DES--

Toshio TOKITA  Tohru SORIMACHI  Mitsuru MATSUI  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E78-A   No.9   pp.1148-1153
Publication Date: 1995/09/25
Online ISSN: 
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Information Theory and Its Applications)
cryptanalysis,  linear cryptanalysis,  differential cryptanalysis,  DES-like cryptosystem,  

Full Text: PDF(489.6KB)>>
Buy this Article

This paper discusses linear cryptanalysis of LOKI89, LOKI91 and s2DES. Our computer program based on Matsui's search algorithm has completely determined their best linear approximate equations, which tell us applicability of linear cryptanalysis to each cryptosystem. As a result, LOKI89 and LOKI91 are resistant to linear cryptanalysis from the viewpoint of the best linear approximate probability, whereas s2DES is breakable by a known-plaintext attack faster than an exhaustive key search. Moreover, our search program, which is also applicable to differential cryptanalysis, has derived their best differential characteristics as well. These values give a complete proof that characteristics found by Knudsen are actully best.