Fast computation of linear approximation of general word-oriented composite function

The nonlinear component of word-oriented stream ciphers usually contains a Finite State Machine (FSM). The establishment of linear approximations of word-oriented FSM with high correlations is the basis of linear attack on stream cipher, including linear distinguishing attack and fast correlation attack. However, the existing methods can only give efficient algorithms for several specific word-oriented composite functions. In order to solve this problem, we first define a wider class of composite functions, namely Pseudo-Linear S-box Function Modulo 2n(PLSFM). New PLSFM extends the definition of Pseudo-Linear Function Modulo 2n(PLFM) by introducing S-box functions into PLFM, and covers more composite functions. Secondly, an efficient algorithm for fast calculating the correlation of a given linear approximation of PLSFM is proposed, which allows us to fast search for linear approximations with high correlations. Thirdly, we study the properties of linear approximations of a class of composite functions containing S-box functions, addition modulo 2nand subtraction modulo 2n. Finally, we give the linear approximations of MASHA stream cipher with absolute correlations of 2-23.38 for the first time. If the controlled nonlinear feedback shift register of MASHA degenerates into a linear feedback function, a fast correlation attack with time/data/memory complexity of O(2197.26)/O(2194.96)/O(2196.96) can be given. For SNOW 2.0 stream cipher, we find two other linear approximations with the current best correlation of 2-14.41, then we can give an improved fast correlation attack with time/data/memory complexity of O(2162.91)/O(2161.47)/O(2162.47), respectively. The data complexity of the current best fast correlation attack can be reduced by half if using multiple linear approximations. (c) 2024 Elsevier B.V. All rights are reserved, including those for text and data mining, AI training, and similar technologies.