Abstract:
Theorems on the exact values of advantages for linear and differential cryptanalysis are proved. The example of universal functional scheme illustrates a wide range of possible errors when the usual methods of estimation the advantages of probabilistic relations are used. It is argued that the probabilistic relations should be constructed for fixed cipher keys separately. The duality between the linear and the differential cryptanalysis is rigorously formulated. The degree of diffusion in linear medium is introduced; it is shown that its maximization should be one of the basic principles of cipher design. This is a quantitative measure of Shannon's qualitative principle that ciphers should realize transforms with high diffusion.
Key words:linear cryptanalysis, differential cryptanalysis, linear medium, block ciphers.
Fulltext:
PDF file (415 kB)