@inproceedings{86605fac989449b7b3010b3596a929da,
title = "On multidimensional linear cryptanalysis",
abstract = "Matsui's Algorithms 1 and 2 with multiple approximations have been studied over 16 years. In CRYPTO'04, Biryukov et al. proposed a formal framework based on m statistically independent approximations. Started by Hermelin et al. in ACISP'08, a different approach was taken by studying m-dimensional combined approximations from m base approximations. Known as multidimensional linear cryptanalysis, the requirement for statistical independence is relaxed. In this paper we study the multidimensional Alg. 1 of Hermelin et al.. We derive the formula for N, the number of samples required for the attack and we improve the algorithm by reducing time complexity of the distillation phase from 2 m N to 2m2m + mN, and that of the analysis phase from 22m to 3m2m. We apply the results on 4- and 9-round Serpent and show that Hermelin et al. actually provided a formal model for the hypothesis of Biryukov et al. in practice, and this model is now much more practical with our improvements.",
author = "Nguyen, {Phuong Ha} and Lei Wei and Huaxiong Wang and San Ling",
year = "2010",
doi = "10.1007/978-3-642-14081-5_3",
language = "English",
isbn = "3642140807",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer, Springer Nature",
pages = "37--52",
editor = "Ron Steinfeld and Philip Hawkes",
booktitle = "Information Security and Privacy - 15th Australasian Conference, ACISP 2010, Proceedings",
address = "United States",
note = "15th Australasian Conference on Information Security and Privacy, ACISP 2010 ; Conference date: 05-07-2010 Through 07-07-2010",
}