{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T07:42:13Z","timestamp":1767339733537,"version":"3.37.3"},"reference-count":21,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2021,10,1]],"date-time":"2021-10-01T00:00:00Z","timestamp":1633046400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,10,1]],"date-time":"2021-10-01T00:00:00Z","timestamp":1633046400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/100014718","name":"Innovative Research Group Project of the National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61379138"],"award-info":[{"award-number":["61379138"]}],"id":[{"id":"10.13039\/100014718","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecur"],"published-print":{"date-parts":[[2021,12]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>For block ciphers, Bogdanov et al. found that there are some linear approximations satisfying that their biases are deterministically invariant under key difference. This property is called key difference invariant bias. Based on this property, Bogdanov et al. proposed a related-key statistical distinguisher and turned it into key-recovery attacks on LBlock and TWINE-128. In this paper, we propose a new related-key model by combining multidimensional linear cryptanalysis with key difference invariant bias. The main theoretical advantage is that our new model does not depend on statistical independence of linear approximations. We demonstrate our cryptanalysis technique by performing key recovery attacks on LBlock and TWINE-128. By using the relations of the involved round keys to reduce the number of guessed subkey bits. Moreover, the partial-compression technique is used to reduce the time complexity. We can recover the master key of LBlock up to 25 rounds with about 2<jats:sup>60.4<\/jats:sup> distinct known plaintexts, 2<jats:sup>78.85<\/jats:sup> time complexity and 2<jats:sup>61<\/jats:sup> bytes of memory requirements. Our attack can recover the master key of TWINE-128 up to 28 rounds with about 2<jats:sup>61.5<\/jats:sup> distinct known plaintexts, 2<jats:sup>126.15<\/jats:sup> time complexity and 2<jats:sup>61<\/jats:sup> bytes of memory requirements. The results are the currently best ones on cryptanalysis of LBlock and TWINE-128.<\/jats:p>","DOI":"10.1186\/s42400-021-00096-4","type":"journal-article","created":{"date-parts":[[2021,10,1]],"date-time":"2021-10-01T02:45:54Z","timestamp":1633056354000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Multidimensional linear cryptanalysis with key difference invariant bias for block ciphers"],"prefix":"10.1186","volume":"4","author":[{"given":"Wenqin","family":"Cao","sequence":"first","affiliation":[]},{"given":"Wentao","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,10,1]]},"reference":[{"issue":"1-2","key":"96_CR1","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/s10623-016-0268-6","volume":"82","author":"C Blondeau","year":"2017","unstructured":"Blondeau, C, Nyberg K (2017) Joint data and key distribution of simple, multiple, and multidimensional linear cryptanalysis test statistic and its impact to data complexity. Des Codes Crypt 82(1-2):319\u2013349.","journal-title":"Des Codes Crypt"},{"key":"96_CR2","first-page":"357","volume-title":"19th International Conference on the Theory and Application of Cryptology and Information Security","author":"A Bogdanov","year":"2013","unstructured":"Bogdanov, A, Boura C, Rijmen V, Wang M, Wen L, Zhao J (2013) Key difference invariant bias in block ciphers. In: Sako K Sarkar P (eds)19th International Conference on the Theory and Application of Cryptology and Information Security, 357\u2013376.. Springer, Berlin, Heidelberg."},{"key":"96_CR3","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/978-3-642-40392-7_5","volume-title":"Second International Workshop Lightweight Cryptography for Security and Privacy","author":"\u00d6 Boztas","year":"2013","unstructured":"Boztas, \u00d6, Karako\u00e7 F, \u00c7oban M (2013) Multidimensional meet-in-the-middle attacks on reduced-round TWINE-128. In: Avoine G Kara O (eds)Second International Workshop Lightweight Cryptography for Security and Privacy, 55\u201367.. Springer, Berlin, Heidelberg."},{"key":"96_CR4","first-page":"383","volume-title":"11th International Conference Information Security and Cryptology","author":"JY Cho","year":"2008","unstructured":"Cho, JY, Hermelin M, Nyberg K (2008) A new technique for multidimensional linear cryptanalysis with applications on reduced round serpent. In: Lee PJ Cheon JH (eds)11th International Conference Information Security and Cryptology, 383\u2013398.. Springer, Berlin, Heidelberg."},{"key":"96_CR5","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-04722-4","volume-title":"The Design of Rijndael: AES - The Advanced Encryption Standard","author":"J Daemen","year":"2002","unstructured":"Daemen, J, Rijmen V (2002) The Design of Rijndael: AES - The Advanced Encryption Standard. Springer, Berlin, Heidelberg."},{"issue":"3","key":"96_CR6","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1515\/JMC.2007.011","volume":"1","author":"J Daemen","year":"2007","unstructured":"Daemen, J, Rijmen V (2007) Probability distributions of correlation and differentials in block ciphers. J Math Cryptol 1(3):221\u2013242.","journal-title":"J Math Cryptol"},{"key":"96_CR7","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1007\/978-3-540-70500-0_15","volume-title":"13th Australasian Conference Information Security and Privacy","author":"M Hermelin","year":"2008","unstructured":"Hermelin, M, Cho JY, Nyberg K (2008) Multidimensional linear cryptanalysis of reduced round serpent. In: Mu Y, Susilo W, Seberry J (eds)13th Australasian Conference Information Security and Privacy, 203\u2013215.. Springer, Berlin, Heidelberg."},{"key":"96_CR8","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1007\/978-3-642-03317-9_13","volume-title":"Fast Software Encryption","author":"M Hermelin","year":"2009","unstructured":"Hermelin, M, Cho JY, Nyberg K (2009) Multidimensional extension of Matsui\u2019s algorithm 2. In: Dunkelman O (ed)Fast Software Encryption, 209\u2013227.. Springer, Berlin, Heidelberg."},{"key":"96_CR9","first-page":"26","volume-title":"14th Annual International Cryptology Conference","author":"BS Kaliski","year":"1994","unstructured":"Kaliski, BS, Robshaw MJB (1994) Linear cryptanalysis using multiple approximations. In: Desmedt Y (ed)14th Annual International Cryptology Conference, 26\u201339.. Springer, Berlin, Heidelberg."},{"key":"96_CR10","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1007\/978-3-642-34129-8_6","volume-title":"14th International Conference Information and Communications Security","author":"S Liu","year":"2012","unstructured":"Liu, S, Gong Z, Wang L (2012) Improved related-key differential attacks on reduced-round LBlock. In: Chim TW Yuen TH (eds)14th International Conference Information and Communications Security, 58\u201369.. Springer, Berlin, Heidelberg."},{"key":"96_CR11","first-page":"386","volume-title":"Advances in Cryptology - EUROCRYPT \u201993","author":"M Matsui","year":"1993","unstructured":"Matsui, M (1993) Linear cryptanalysis method for DES cipher. In: Helleseth T (ed)Advances in Cryptology - EUROCRYPT \u201993, 386\u2013397.. Springer, Berlin, Heidelberg."},{"issue":"16","key":"96_CR12","doi-asserted-by":"publisher","first-page":"624","DOI":"10.1016\/j.ipl.2012.04.012","volume":"112","author":"M Minier","year":"2012","unstructured":"Minier, M, Naya-Plasencia M (2012) A related key impossible differential attack against 22 rounds of the lightweight block cipher lblock. Inf Process Lett 112(16):624\u2013629.","journal-title":"Inf Process Lett"},{"key":"96_CR13","doi-asserted-by":"publisher","first-page":"234","DOI":"10.1007\/978-3-642-35999-6_16","volume-title":"Selected Areas in Cryptography","author":"Y Sasaki","year":"2013","unstructured":"Sasaki, Y, Wang L (2013) Meet-in-the-middle technique for integral attacks against feistel ciphers. In: Knudsen LR Wu H (eds)Selected Areas in Cryptography, 234\u2013251.. Springer, Berlin, Heidelberg."},{"key":"96_CR14","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1007\/978-3-642-37682-5_12","volume-title":"Information Security and Cryptology \u2013 ICISC 2012","author":"Y Sasaki","year":"2013","unstructured":"Sasaki, Y, Wang L (2013) Comprehensive study of integral analysis on 22-round lblock. In: Kwon T, Lee M-K, Kwon D (eds)Information Security and Cryptology \u2013 ICISC 2012, 156\u2013169.. Springer, Berlin, Heidelberg."},{"key":"96_CR15","first-page":"174","volume-title":"Third International Conference Security in Communication Networks","author":"AA Sel\u00e7uk","year":"2002","unstructured":"Sel\u00e7uk, AA, Bi\u00e7ak A (2002) On probability of success in linear and differential cryptanalysis. In: Cimato S, Galdi C, Persiano G (eds)Third International Conference Security in Communication Networks, 174\u2013185.. Springer, Berlin, Heidelberg."},{"issue":"2","key":"96_CR16","doi-asserted-by":"publisher","first-page":"683","DOI":"10.1007\/s10623-014-9976-y","volume":"73","author":"H Soleimany","year":"2014","unstructured":"Soleimany, H, Nyberg K (2014) Zero-correlation linear cryptanalysis of reduced-round lblock. Des Codes Crypt 73(2):683\u2013698.","journal-title":"Des Codes Crypt"},{"key":"96_CR17","first-page":"339","volume-title":"19th International Conference Selected Areas in Cryptography","author":"T Suzaki","year":"2012","unstructured":"Suzaki, T, Minematsu K, Morioka S, Kobayashi E (2012) TWINE: A lightweight block cipher for multiple platforms. In: Knudsen LR Wu H (eds)19th International Conference Selected Areas in Cryptography, 339\u2013354.. Springer, Berlin, Heidelberg."},{"key":"96_CR18","doi-asserted-by":"publisher","first-page":"136","DOI":"10.1007\/978-3-319-30840-1_9","volume-title":"Information Security and Cryptology - ICISC 2015","author":"N Wang","year":"2016","unstructured":"Wang, N, Wang X, Jia K (2016) Improved impossible differential attack on reduced-round lblock. In: Kwon S Yun A (eds)Information Security and Cryptology - ICISC 2015, 136\u2013152.. Springer International Publishing, Berlin, Heidelberg."},{"key":"96_CR19","first-page":"1","volume-title":"19th Australasian Conference Information Security and Privacy","author":"Y Wang","year":"2014","unstructured":"Wang, Y, Wu W (2014) Improved multidimensional zero-correlation linear cryptanalysis and applications to lblock and TWINE. In: Susilo W Mu Y (eds)19th Australasian Conference Information Security and Privacy, 1\u201316.. Springer, Berlin, Heidelberg."},{"issue":"1","key":"96_CR20","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/s11390-014-1419-8","volume":"29","author":"L Wen","year":"2014","unstructured":"Wen, L, Wang M-Q, Zhao J-Y (2014) Related-key impossible differential attack on reduced-round lblock. J Comput Sci Technol 29(1):165\u2013176.","journal-title":"J Comput Sci Technol"},{"key":"96_CR21","doi-asserted-by":"crossref","unstructured":"Wu, W, Zhang L (2011) LBlock: A lightweight block cipher. In: L\u00f3pez J Tsudik G (eds)9th International Conference Applied Cryptography and Network Security, 327\u2013344.","DOI":"10.1007\/978-3-642-21554-4_19"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-021-00096-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-021-00096-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-021-00096-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,10,1]],"date-time":"2021-10-01T02:48:32Z","timestamp":1633056512000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-021-00096-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,1]]},"references-count":21,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,12]]}},"alternative-id":["96"],"URL":"https:\/\/doi.org\/10.1186\/s42400-021-00096-4","relation":{},"ISSN":["2523-3246"],"issn-type":[{"type":"electronic","value":"2523-3246"}],"subject":[],"published":{"date-parts":[[2021,10,1]]},"assertion":[{"value":"24 March 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 July 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 October 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"32"}}