
On the problem of finding linear approximations and cryptanalysis of Pomaranch Version 2

Publication year: 2007
Language: English
Pages: 220-233
Publication/Journal/Series: Selected Areas in Cryptography (Lecture Notes in Computer Science)
Volume: 4356
Document type: Conference paper
Publisher: Springer


We give a simple algorithm that can find biased linear approximations of nonlinear building blocks. The algorithm is useful if the building block is relatively small and exhaustive search is possible. Instead of searching all possible linear relations individually, we show how the most biased relation can be found in just a few steps. As an example we show how we can find a biased relation in the output bits of the stream cipher Pomaranch Version 2, a tweaked variant of Pomaranch, resulting in both distinguishing and key recovery attacks. These attacks will break both the 128-bit variant and the 80-bit variant of the cipher with complexity faster than exhaustive key search.


  • Electrical Engineering, Electronic Engineering, Information Engineering
  • cryptanalysis
  • stream ciphers
  • Pomaranch
  • linear approximation


13th International Workshop, SAC 2006
  • ISSN: 1611-3349
  • ISSN: 0302-9743
  • ISBN: 978-3-540-74461-0
