On the problem of finding linear approximations and cryptanalysis of Pomaranch Version 2

Author

Summary, in English

We give a simple algorithm that can find biased linear approximations of nonlinear building blocks. The algorithm is useful if the building block is relatively small and exhaustive search is possible. Instead of searching all possible linear relations individually, we show how the most biased relation can be found in just a few steps. As an example we show how we can find a biased relation in the output bits of the stream cipher Pomaranch Version 2, a tweaked variant of Pomaranch, resulting in both distinguishing and key recovery attacks. These attacks will break both the 128-bit variant and the 80-bit variant of the cipher with complexity faster than exhaustive key search.

Publishing year

2007

Language

English

Pages

220-233

Publication/Series

Selected Areas in Cryptography / Lecture Notes in Computer Science

Volume

4356

Document type

Conference paper

Publisher

Springer

Topic

  • Electrical Engineering, Electronic Engineering, Information Engineering

Keywords

  • cryptanalysis
  • stream ciphers
  • Pomaranch
  • linear approximation

Conference name

13th International Workshop, SAC 2006

Conference date

2006-08-17 - 2006-08-18

Conference place

Montreal, Canada

Status

Published

ISBN/ISSN/Other

  • ISSN: 0302-9743
  • ISSN: 1611-3349
  • ISBN: 978-3-540-74461-0