Linear cryptanalysis, whose original ideas can be traced back to the seminal works of Anne Tardy-Corfdir and Henri Gilbert, A Known Plaintext Attack of FEAL-4 and FEAL-6, presented at Crypto'91, as well as the now classical paper of Eurocrypt'93 by Mitsuru Matsui, Linear Cryptanalyis of DES Cipher, has quickly demonstrated to be one of the most efficient ways to break symmetrical cryptographic primitives.
Since its invention in the early 90s, several theoretical and practical aspects of this technique have been well studied, understood and generalized, resulting on the one hand in much more elaborated attacks against certain ciphers and on the other hand, in some negative results regarding the potential of various attempts of generalization.
We believe that the field is now sufficiently mature to take a snapshot of its current state and look at future potential developments. This volume aims at giving a recent state-of-the-art in the discipline, and to expose its latest developments. It consists of five parts:
- The first part, written by Baudoin Collard and François-Xavier Standaert, provides a thorough treatement and an experimental survey of the basic assumptions in linear cryptanalysis and their consequences for the design of modern block ciphers.
- The second part, written by Miia Hermelin and Kaisa Nyberg, is exposing a theory of multidimensional linear attacks on block ciphers.
- The third part, written by Martin Hell and Thomas Johansson, is a survey of how linear attacks can be applied on stream ciphers that gives an overview of the development of linear attacks as well as a theoretical explanation on how a linear attack on a stream cipher is typically launched today.
- The fourth part, written by Benoît Gérard and Jean-Pierre Tillich, details several interesting and useful links between linear cryptanalysis and coding theory.
- Finally, the fifth part, written by Joan Daemen and Vincent Rijmen, discusses how correlation analysis can be conducted at the level of elements of GF(2n) without having to deal with field representation issues.
We hope that the contents of this book will be useful and appreciated by anybody willing to dive into this fascinating, yet complex part of symmetrical cryptanalysis.
Finally, we would like to warmly thank many people: the authors of the five parts, for their high-quality contributions; Raphael C.-W. Phan, a coordinating editor of the Information for Cryptology and Information Security Series published by IOS Press, for having proposed us to edit a volume related to linear cryptanalysis; and Maarten Fröhlich, Carry Koolbergen and Maureen Twaig, from IOS Press, for their patience with respect to the numerous missed deadlines and the smooth publishing process.
Anne Canteaut (INRIA) and Pascal Junod (HEIG-VD), August 2011