By Mitsuru Matsui (auth.), Yvo G. Desmedt (eds.)

The CRYPTO ’94 conference is sponsored by the International Association for Cryptologic Research (IACR), in co-operation with the IEEE Computer Society Technical Committee on Security and Privacy. It has taken place at the University of California, Santa Barbara, from August 21-25, 1994. This is the fourteenth annual CRYPTO conference, all of which have been held at UCSB. This is the first time that proceedings are available at the conference. The General Chair, Jimmy R. Upton, has been responsible for local organization, registration, etc. There were 114 submitted papers, which were considered by the Program Committee. Of these, 1 was withdrawn and 38 were selected for the proceedings. There are also three invited talks. Two of these are on aspects of cryptography in the commercial world: one will be presented by David Maher (AT&T), the one on software aspects by Joseph Pato (Hewlett-Packard). There will also be a panel discussion on “Securing an Electronic World: Are We Ready?” The panel members will be: Ross Anderson, Bob Blakley, Matt Blaze, George Davida, Yvo Desmedt (moderator), Whitfield Diffie, Joan Feigenbaum, Blake Greenlee, Martin Hellman, David Maher, Miles Smid. The topic of the panel will be introduced by the invited talk of Whitfield Diffie on “Securing the Information Highway.” These proceedings contain revised versions of the 38 contributed talks. Each paper was sent to at least three members of the program committee for comments.

Sample text

Only bit 17 of $L_7$ must be computed. This computation involves only S1 in round 8, so we can test the 6-bit subkey $K_{8,1}$. 6% of the time; when an incorrect value is used, the produced data is more random and we expect to observe parity invariance closer to 50% of the time. Based on Matsui’s rule of thumb that approximately $8/(r - 0.5)^2$ observations are needed when $r$ is the probability of observing a parity relation, one would expect our attack to require about 1,400 pairs of chosen plaintexts.

Lyst, for a successful attack on a block cipher using linear cryptanalysis. Our paper is organized as follows. We briefly describe the technique of linear cryptanalysis, and then we present an adaptation of these methods which allows us to use multiple linear approximations. e of our techniques we present experimental evidence that supports our claims. We then consider some of the implications of our work and draw our conclusions. G. ): Advances in Cryptology - CRYPTO '94, LNCS 839, pp. 26-39, 1994.


Advances in Cryptology — CRYPTO '94: 14th Annual International Cryptology Conference Santa Barbara, California, USA August 21–25, 1994 Proceedings by Mitsuru Matsui (auth.), Yvo G. Desmedt (eds.)

