Optimising Linear Key Recovery Attacks with Affine Walsh Transform Pruning

Abstract

International audienceLinear cryptanalysis [25] is one of the main families of keybrecovery attacks on block ciphers. Several publications [16,19] have drawn attention towards the possibility of reducing their time complexity using the fast Walsh transform. These previous contributions ignore the structure of the key recovery rounds, which are treated as arbitrary boolean functions. In this paper, we optimise the time and memory complexities of these algorithms by exploiting zeroes in the Walsh spectra of these functions using a novel affine pruning technique for the Walsh Transform. These new optimisation strategies are then showcased with two application examples: an improved attack on the DES [1] and the first known atttack on 29-round PRESENT-128 [9]