Cryptanalysis of `nonlinear-parity circuits´ proposed at Crypto ´90

Koyama and Terada (1991) proposed a family of cryptographic functions for application to symmetric block ciphers. The authors show that this family of circuits is affine over GF(2). More explicitly, for any specific key K, the ciphertext Y is related to the plaintext X by the simple affine relation Y=M_KX⊗d_K where M _K is an n×n non singular binary matrix and d_K is an n×1 binary vector n where n is the block length of the cipher. This renders this family of ciphers completely insecure as it can be broken with only n+1 linearly independent plaintext blocks and their corresponding ciphertext blocks