Security Against Generalized Linear Cryptanalysis and Partitioning Cryptanalysis

In this work we give some bounds which can be used to determine if a block cipher is secure against generalized linear cryptanalysis and partitioning cryptanalysis. For this purpose, we give a new de nition of imbalance which has some nice properties, and we show that an equivalent of Matsui's piling-up lemma holds for this de nition. The bounds are illustrated with examples. We prove that it su ces to consider only homomorphic I/O sums when looking for upper bounds on the imbalance. Based on work of Harpes, Kramer, and Massey, we therefore conclude that very likely the cipher IDEA is secure against generalized linear cryptanalysis. Later, we demonstrate how to apply an upper bound for partitioning cryptanalysis to IDEA. We also show that the use of nearly bent functions in the round function most likely thwarts attacks based on the generalization of linear cryptanalysis and on partitioning cryptanalysis. Hopefully this work will bring us towards a setting which can be used to design ciphers that are secure against the two attacks.