Title :
The piling-up approximation in linear cryptanalysis
Author :
Kukorelly, Zsolt
Author_Institution :
Signal & Inf. Process. Lab., Eidgenossische Tech. Hochschule, Zurich, Switzerland
fDate :
11/1/2001 12:00:00 AM
Abstract :
One of the key identities in linear cryptanalysis is the piling-up lemma, which allows one to compute the probability distribution of a sum modulo 2 of binary random variables, when the probability that these are zero is known. However, the lemma holds only for independent random variables. In linear cryptanalysis, one often (mis)uses this identity without knowing whether the random variables are independent or not. This paper investigates the problems that may arise when using this identity for dependent random variables. In particular, it is shown that the identity holds in almost all cases if one replaces equality by an approximation sign. The amplitude of departure from equality is also given
Keywords :
approximation theory; cryptography; probability; random processes; binary random variables; dependent random variables; independent random variables; linear cryptanalysis; piling-up approximation; piling-up lemma; probability distribution; Approximation algorithms; Cryptography; Distributed computing; Information processing; Linear approximation; Probability distribution; Random variables; Scheduling algorithm; Signal processing;
Journal_Title :
Information Theory, IEEE Transactions on
