New Strategies To Improve Differential-Linear Attacks With Applications To Chaskey

Differential-linear cryptanalysis, as the combination of differential and linear cryptanalysis, is an efficient way to attack many kinds of ciphers. Recently, various refinements to this cryptanalytic technique have been proposed, especially with good effects on ARX ciphers. In the current framework of a differential-linear attack, a cipher E is often divided into three parts: a differential part E-1, a linear part E-2 and a connective part E-m. It is a challenging problem to deal with the connective part when building a differential-linear distinguisher, and for ARX ciphers, estimating the correlation of E-m experimentally under given input difference Delta(m) and output linear mask Gamma(m) is the main approach so far. In this paper, we discuss the effects of Delta(m) and Gamma(m) on the correlation of E-m for the first time. As a result, we propose a new strategy to find Delta(m) and Gamma(m) to build differential-linear distinguishers with high correlations for ARX ciphers based on algebraic equations derived from their round functions. For the key recovery parts of differential-linear attacks, we also find a new partitioning technique which will reduce the time complexity. Based on our new methods, we improve the differential-linear attack on 7-round Chaskey.