Journal Article

Zero-correlation Linear Cryptanalysis of SAFER Block Cipher Family Using the Undisturbed Bits

Wentan Yi, Shaozhen Chen and Yuchen Li

in The Computer Journal

Published on behalf of British Computer Society

Volume 60, issue 4, pages 613-624
Published in print March 2017 | ISSN: 0010-4620
Published online October 2016 | e-ISSN: 1460-2067 | DOI:

SAFER is a family of block ciphers comprising SAFER K, SAFER SK, SAFER+ and SAFER++. SAFER SK was proposed to strengthen the key schedule of SAFER K. SAFER+ was designed as an AES candidate, and SAFER++ was among the cryptographic primitives selected for the second phase of the NESSIE project. This paper presents the first zero-correlation linear cryptanalytic attack against the SAFER block cipher family. We investigate the linear properties of the PHT employed as the linear layer of the SAFER block ciphers, and identify zero-correlation linear approximations for SAFER SK, SAFER+ and SAFER++. Moreover, we give several characterizations of undisturbed bits and find that there exists an undisturbed bit in the exponential S-box, which can be applied to reduce the computational complexity of the key recovery attacks on 5 rounds of SAFER SK/128, 4(5) rounds of SAFER+/128(256) and 5(6) rounds of SAFER++/128(256). More rounds of the SAFER block ciphers can be attacked with the linear relations of correlation zero.

Keywords: cryptography; block cipher; undisturbed bits; zero-correlation linear cryptanalysis; SAFER block ciphers
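
To make the abstract's "undisturbed bit" concrete, this added example (not code from the paper) builds the exponential S-box and searches exhaustively for output-difference bits that stay fixed for a given nonzero XOR input difference. The S-box formula X(a) = 45^a mod 257 (with 256 stored as 0) is taken from the public SAFER specification, and the XOR-difference definition and function names are assumptions not stated on this page; the page does not say which bit the paper uses.

```python
# Added example: search for undisturbed bits in the SAFER exponential S-box.
# Assumption (from the public SAFER spec, not this page):
#   X(a) = 45^a mod 257, with the value 256 represented as 0.

def exp_sbox():
    """Return the 256-entry exponential S-box table."""
    return [pow(45, a, 257) % 256 for a in range(256)]

def undisturbed_bits(sbox):
    """Return a list of (input_diff, bit, value) triples.

    A triple means: for every input a, bit `bit` of
    sbox[a] XOR sbox[a XOR input_diff] equals `value`.
    """
    found = []
    for din in range(1, 256):
        always_one = 0xFF  # bits set in every output difference
        ever_one = 0x00    # bits set in at least one output difference
        for a in range(256):
            dout = sbox[a] ^ sbox[a ^ din]
            always_one &= dout
            ever_one |= dout
        for bit in range(8):
            mask = 1 << bit
            if always_one & mask:
                found.append((din, bit, 1))
            elif not ever_one & mask:
                found.append((din, bit, 0))
    return found

def explain_0x80(sbox):
    """Check the identity behind input difference 0x80.

    45^128 = -1 (mod 257), so X(a) + X(a ^ 0x80) = 1 (mod 256) for all a.
    An odd sum forces the two least significant bits to differ.
    """
    return all((sbox[a] + sbox[a ^ 0x80]) % 256 == 1 for a in range(256))

if __name__ == "__main__":
    table = exp_sbox()
    print("sum identity holds:", explain_0x80(table))
    for din, bit, value in undisturbed_bits(table):
        print(f"input diff 0x{din:02x}: output diff bit {bit} is always {value}")
```

The identity checked in `explain_0x80` is why flipping the top input bit fixes low bits of the output difference: the two outputs always sum to 1 modulo 256.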

Journal Article.  6161 words.  Illustrated.

Subjects: Computer Science

Full text: subscription required
