Non-homomorphic Linear Cryptanalysis Of Reduced-Round Versions Of The SAFER Block Cipher Family

With the rapid development of computer, internet and communications technology, the world is entering the information age. Every day, vast amounts of information transmitted over the network, Many of them are involved in the political, economic, financial and people’s private information. Therefore, how to storage and transmits information security under the open network environment become importantly and urgently. An effective means to solve this problem is to use the cryptographic techniques.Cryptology is summarized including cryptography and cryptanalysis. Cryp-tography designs and implements the cryptographic algorithm, aims to build the cryptographic system hard to crack.Block cipher is a big branch of cryptographic algorithm, the classic block cipher includes DES, AES, SAFER etc. Block cipher is fast and easy stan-dardization and software and hardware implements. So it is widely used in the network protocol for data encryption, message identification and authentica-tion and key management.The researches around the block cipher most includes design theory, anal-ysis methods, operating modes, aspects of rapid implementation and testing assessment. Block cipher design and attack is a pair of both opposing and mutually unified contradiction, they together promote the development of the block cipher. The cryptanalysis of block cipher provide new ideas for the cryp-tographic design, and A well thought out design give the cryptanalysis a severe challenge.There are a variety of attacks against block cipher,Such as differential attacks, linear attacks,rectangle attack, square attack, integral attacks, related-key attack and side-channel attacks.SAFER(Secure And Fast Encryption Routine) series of block cipher in-clude SAFER K-64,SAFER K-128,SAFER SK-64,SAFER SK-128,SAFER+and SAFER++.This paper presents a linear cryptanalytic attack against reduced round variants of the SAFER family of block ciphers.Harpes et al. proposed a1.5round linear relations, and Jorge proposed a3.75-round non-homomorphic linear relations for both SAFER-K and SAFER-K with bias∈=2-29. We improve the3.75-round non-homomorphic linear relations by expand the linear mask from2bits to4bits. At last, we find a3.75-round non-homomorphic linear relations with bias∈=2-26.68and a4.25-round non-homomorphic linear relations with bias∈=2-31.36. We use the above linear relations to attack5round SAFER-K/-SK.