On the Distribution of Linear Biases: Three Instructive Examples
Mohamed Ahmed Abdelraheem
Martin Ågren
Peter Beelen
Gregor Leander
Abstract:
Despite the fact that we evidently have very good block ciphers at hand
today, some fundamental questions on their security are still unsolved. One
such fundamental problem is to precisely assess the security of a given block
cipher with respect to linear cryptanalysis. In the vast majority of cases we
have to make (clearly wrong) assumptions, e.g., we assume independent
round-keys. Besides being unsatisfactory from a scientific perspective, the
lack of fundamental understanding might have an impact on the performance of
the ciphers we use. As we do not understand the security sufficiently well,
we often tend to embed a security margin, which from an efficiency perspective
is nothing other than wasted performance. The aim of this paper is to stimulate research on these
foundations of block ciphers. We do this by presenting three examples of
ciphers that behave differently from what is normally assumed. Thus, on the one
hand, these examples serve as counterexamples to common beliefs and, on the
other hand, they serve as a guideline for future work.