ScholarGate
⌘K
Assistant
EN
Machine learningCryptanalytic technique

Linear Cryptanalysis

Linear cryptanalysis is a known-plaintext attack that exploits linear approximations of a cipher's non-linear transformations to recover secret key bits. Introduced by Mitsuru Matsui in 1993, linear cryptanalysis provides practical attacks on ciphers like DES with computational complexity less than brute force. The technique analyzes statistical biases in how linear combinations of plaintext and ciphertext bits relate to key bits, enabling key recovery with reduced data requirements.

Open in MethodMindSoonVideoSoon

Read the full method

Members only

Sign in with a free account to read this section.

Sign in

Sources

  1. Matsui, M. (1993). Linear cryptanalysis method for DES cipher. In Advances in Cryptology - EUROCRYPT 1993, LNCS 765, pp. 386-397. DOI: 10.1007/3-540-48285-7_33
  2. Matsui, M. (1994). The first experimental cryptanalysis of the Data Encryption Standard. In Advances in Cryptology - CRYPTO 1994, LNCS 839, pp. 1-11. DOI: 10.1007/3-540-48658-5_1

Related methods

AES (Rijndael)Differential CryptanalysisSide-Channel Analysis

Referenced by

AES (Rijndael)Differential Cryptanalysis

Spotted an issue on this page? Report or suggest a fix →

ScholarGateLinear Cryptanalysis (Linear Cryptanalysis). Retrieved 2026-06-04 from https://scholargate.app/en/cryptography/linear-cryptanalysis