Linear Cryptanalysis
Linear cryptanalysis is a general form of cryptanalysis based on finding affine approximations to the action of a cipher. Attacks have been developed for block ciphers and stream ciphers. Linear cryptanalysis is one of the two most widely used attacks on block ciphers, the other being differential cryptanalysis.
Linear cryptanalysis is a powerful cryptanalytic tool against block ciphers. When using linear cryptanalysis, an adversary attempts to find a linear expression that approximates a non-linear function with a probability different from 1/2.
When a good approximation, consisting of a relation between the plaintext and the ciphertext, is found, the adversary gains information about the secret key. The approximation has the form:
$$\mathrm{P_{i} \oplus \cdots \oplus P_{j} \oplus C_{k} \oplus \cdots \oplus C_{l} = K_{m} \oplus \cdots \oplus K_{n}}$$
where Pi ... Pj are plaintext bits, Ck ... Cl are ciphertext bits and Km ... Kn are key bits. The approximation holds with some probability p, and its quality is usually measured by the bias, which is defined as $\mathrm{\epsilon = \left|p-\frac{1}{2}\right|}$.
Differential Cryptanalysis
Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in information input can influence the resultant difference at the output.
In the case of a block cipher, it refers to a group of techniques for tracing differences through the network of transformations, finding where the cipher exhibits non-random behavior and exploiting such properties to find the secret key.
The input difference must be carefully chosen for the attack to be effective. An analysis of the algorithm's internals is undertaken, and the typical approach is to trace a path of highly probable differences through the several stages of encryption, known as a differential characteristic.
Let us see the comparison between Linear and Differential Cryptanalysis.
Linear Cryptanalysis | Differential Cryptanalysis |
---|---|
Linear cryptanalysis is a known-plaintext attack in which the attacker studies probabilistic linear relations, called linear approximations, among parity bits of the plaintext, the ciphertext and the hidden key. | Differential cryptanalysis is a general form of cryptanalysis that is primarily applicable to block ciphers and cryptographic hash functions. It involves a precise analysis of how differences in information input can influence the resulting differences at the output. |
In linear cryptanalysis, the role of the cryptanalyst is to identify a linear relation between some bits of the plaintext, some bits of the ciphertext and a few bits of the unknown key. | By comparing the differences between selected plaintexts and the differences in the outputs resulting from encrypting each one, it is possible to find several keys. |
In linear cryptanalysis, the cryptanalyst decrypts each ciphertext using candidate subkeys for one round of encryption and studies the resulting intermediate ciphertext, comparing how random the outcomes are. | In differential cryptanalysis, the changes to the intermediate ciphertext are obtained across multiple rounds of encryption. The attacks can be combined, and this is known as differential-linear cryptanalysis. |
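
As an added example (not code from the original page), the following Python measures, for a single 4-bit S-box, the two quantities compared above: the bias ε = |p − 1/2| of a linear approximation and the probability that an input difference produces a given output difference. The S-box values and all function names are assumptions chosen for illustration.

```python
# Added example: linear bias and differential probability of one S-box.
# SBOX is a sample 4-bit permutation used for illustration (an assumption;
# it does not come from the page).
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
N = len(SBOX)


def parity(v):
    """XOR of all bits of v."""
    return bin(v).count("1") & 1


def linear_bias(in_mask, out_mask):
    """Bias |p - 1/2| of: XOR of masked input bits = XOR of masked output bits."""
    hits = sum(parity(x & in_mask) == parity(SBOX[x] & out_mask)
               for x in range(N))
    return abs(hits / N - 0.5)


def diff_prob(dx, dy):
    """Probability that input difference dx yields output difference dy."""
    hits = sum((SBOX[x] ^ SBOX[x ^ dx]) == dy for x in range(N))
    return hits / N


def best_linear():
    """(bias, in_mask, out_mask) with the highest bias over non-zero masks."""
    return max((linear_bias(a, b), a, b)
               for a in range(1, N) for b in range(1, N))


def best_differential():
    """(probability, dx, dy) with the highest probability over non-zero dx."""
    return max((diff_prob(dx, dy), dx, dy)
               for dx in range(1, N) for dy in range(N))


if __name__ == "__main__":
    eps, a, b = best_linear()
    print(f"best linear approximation: masks {a:#x} -> {b:#x}, bias {eps}")
    p, dx, dy = best_differential()
    print(f"best differential: {dx:#x} -> {dy:#x}, probability {p}")
    # The further these values are from bias 0 and from the uniform
    # probability 1/16, the fewer texts the corresponding attack needs.
```

A cipher designer runs this kind of measurement on every candidate S-box and prefers the ones whose largest bias and largest differential probability are smallest.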