Linear cryptanalysis is a powerful method of cryptanalysis of block ciphers introduced by Matsui in 1993. The attack in its current form was first applied to the Data Encryption Standard (DES), but an early variant of linear cryptanalysis, developed by Matsui and Yamagishi, was already successfully used to attack FEAL in 1992.

Linear cryptanalysis is a known-plaintext attack in which the attacker studies probabilistic linear relations (called linear approximations) between parity bits of the plaintext, the ciphertext, and the secret key. Given an approximation with high probability, the attacker obtains an estimate for the parity bit of the secret key by analyzing the parity bits of the known plaintexts and ciphertexts. Using auxiliary techniques he can usually extend the attack to find more bits of the secret key.
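
To make "linear approximation" concrete from the designer's side, the following added example (not part of the original page and not OBAKE-512 code) tabulates, for every pair of input and output parity masks of a small S-box, how far the approximation's probability lies from 1/2. The S-box is a constructed textbook sample and all function names are assumptions made for this illustration.

```python
from fractions import Fraction

# Constructed sample: a common textbook 4-bit S-box. It is NOT taken from
# OBAKE-512, whose internals the page does not publish.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def parity(value):
    """XOR of all bits of value (0 or 1)."""
    return bin(value).count("1") & 1


def linear_approximation_table(sbox):
    """table[a][b] = #{x : parity(x & a) == parity(S(x) & b)} - len(sbox)/2."""
    size = len(sbox)
    table = [[0] * size for _ in range(size)]
    for in_mask in range(size):
        for out_mask in range(size):
            hits = sum(parity(x & in_mask) == parity(sbox[x] & out_mask)
                       for x in range(size))
            table[in_mask][out_mask] = hits - size // 2
    return table


def bias(table, in_mask, out_mask):
    """Deviation of the approximation's probability from 1/2."""
    return Fraction(table[in_mask][out_mask], len(table))


def worst_approximation(table):
    """(|entry|, in_mask, out_mask) of the strongest non-trivial approximation."""
    size = len(table)
    return max((abs(table[a][b]), a, b)
               for a in range(size) for b in range(size) if (a, b) != (0, 0))


if __name__ == "__main__":
    lat = linear_approximation_table(SBOX)
    magnitude, a, b = worst_approximation(lat)
    print(f"strongest mask pair: in={a:04b} out={b:04b} bias=±{magnitude}/{len(SBOX)}")
    print("bias of in=0011, out=1001:", bias(lat, 0b0011, 0b1001))
```

An entry of 0 means the mask pair gives no information; the larger the magnitude, the fewer known plaintexts an approximation built on it requires, which is why designers aim to keep the largest entry small.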

However, a successful linear cryptanalysis attack starts from knowing some particulars of the block algorithm: whether it has S-boxes and P-boxes, and how many XOR operations it performs in its rounds. This knowledge is not mandatory, but without it the attack will take much longer.

How does OBAKE-512 account for this scenario in order to resist this type of attack?

- OBAKE-512 has more than one S-box, with variable sizes.
- OBAKE-512 performs a kind of cyclical permutation, with different schemes among them (no P-boxes are used).
- OBAKE-512 works with six separate keys, two of them neither dependent on the user entry nor hardware-coded.
- OBAKE-512 works in variable multithreaded block sizes.
- And finally, we keep OBAKE-512 protected by obscurity but available for auditing for more prominent clients (protected by specific NDAs).

These procedures and techniques are effective in avoiding the linear cryptanalysis attack, to the maximum reach of present technology.

Bibliographic references

H.C.A. Tilborg et al., "Encyclopedia of Cryptography and Security", H. C. A. v. Tilborg Ed., Springer Science+Business Media LLC, 2011.

M. Matsui, "Linear Cryptanalysis Method for DES Cipher", Advances in Cryptology-EUROCRYPT ’93, Computer Science no. 765, Springer-Verlag, 1994.

M. Matsui, "The First Experimental Cryptanalysis of the Data Encryption Standard", Advances in Cryptology - CRYPTO ’94, Computer Science no. 839, Springer-Verlag, 1994.

E. Biham and A. Shamir, "Differential Cryptanalysis of DES-like Cryptosystems", Journal of Cryptology, vol. 4, no. 1, 1991.

E. Biham and A. Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.

National Bureau of Standards, "Data Encryption Standard", Federal Information Processing Standard 46, 1977.

J. Daemen and V. Rijmen, "AES Proposal: Rijndael", First Advanced Encryption Standard (AES) Conference, California, Aug. 1998.

H.M. Heys and S.E. Tavares, "Substitution-Permutation Networks Resistant to Differential and Linear Cryptanalysis", Journal of Cryptology, vol. 9, no. 1, 1996.

L. Knudsen, "Block Ciphers: A Survey", State of the Art in Applied Cryptography: Course on Computer Security and Industrial Cryptography (Computer Science no. 1528), Springer-Verlag, 1998.

C.A. Deavours and L. Kruh, "Machine Cryptography and Modern Cryptanalysis", Artech House Ed., Boston, 1985.

D. R. Stinson, "Cryptography - Theory and Practice", Ontario: Chapman & Hall/CRC, 2006.