Zero-Correlation Linear Cryptanalysis with Equal Treatment for Plaintexts and Tweakeys.

The original zero-correlation linear attack on a tweakable block cipher E K , T ( E K , T is an ordinary block cipher when | T | = 0 ) with key K and tweak T exploits linear approximations ⟨ α , x ⟩ ⊕ ⟨ β , E K , T ( x ) ⟩ with correlation zero for any fixed K and T , where the correlation is computed over all possible plaintexts x . Obviously, the plaintexts, keys, and tweaks are not treated equally. In this work, we regard the tweakable block cipher as a vectorial Boolean function F : F 2 n + m + l → F 2 n mapping ( x , K , T ) ∈ F 2 n + m + l to E K , T ( x ) ∈ F 2 n , and try to find zero-correlation linear approximations of F of the form