Synthetic linear analysis with applications to CubeHash and Rabbit

In linear cryptanalysis, it has been considered most important and difficult to analyze the bias and find a large bias. The demonstration of a large bias will usually imply that the target crypto-system is not strong. Regarding the bias analysis, researchers tend to look for a theoretical solution for a specific problem. In this paper, we take a first step towards the synthetic approach on bias analysis. We successfully apply our synthetic analysis to improve the most recent linear attacks on CubeHash and Rabbit respectively. CubeHash was selected to the second round of SHA-3 competition. The best linear attack on 11-round CubeHash with 2(470) queries was proposed in Ashur and Dunkelman (2011). We present an improved attack for 11-round CubeHash with complexity 2(414.2). Based on our 11-round attack, we give a new linear attack for 12-round CubeHash with complexity 2(509). It is the first known attack on 12 rounds with complexity below the security parameter 2(512) of CubeHash. Rabbit is a stream cipher among the finalists of ECRYPT Stream Cipher Project (eSTREAM). It has also been published as informational RFC 4503 with the Internet Engineering Task Force (IETF), which is the main standardization body for Internet technology. For Rabbit, the best linear attack with complexity 2(141) was recently presented in [9]. Our synthetic bias analysis yields the improved attack with complexity 2(136).