Integral and Multidimensional Linear Distinguishers with Correlation Zero

Andrey Bogdanov, Gregor Leander, Kaisa Nyberg, Meiqin Wang

Advances in Cryptology – ASIACRYPT 2012 18th International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China, December 2-6, 2012. Proceedings


Zero-correlation cryptanalysis uses linear approximations holding with probability exactly 1/2. In this paper, we reveal fundamental links of zero-correlation distinguishers to integral distinguishers and multidimensional linear distinguishers. We show that an integral implies zero-correlation linear approximations and that a zero-correlation linear distinguisher is actually a special case of multidimensional linear distinguishers. These observations provide new insight into zero-correlation cryptanalysis which is illustrated by attacking a Skipjack variant and round-reduced CAST-256 without weak key assumptions.


Tags: CAST-256, integral distinguishers, multidimensional linear distinguishers, Skipjack, zero-correlation cryptanalysis