Zero-Correlation Linear Cryptanalysis of Reduced Round ARIA with Partial-sum and FFT

Block cipher ARIA was first proposed by some South Korean experts in 2003, and later, it was established as a Korean Standard block cipher algorithm by Korean Agency for Technology and Standards. In this paper, we focus on the security evaluation of ARIA block cipher against the recent zero-correlation linear cryptanalysis. In addition, Partial-sum technique and FFT (Fast Fourier Transform) technique are used to speed up the cryptanalysis, respectively. We first introduce some 4-round linear approximations of ARIA with zero-correlation, and then present some key-recovery attacks on 6/7-round ARIA-128/256 with the Partial-sum technique and FFT technique. The key-recovery attack with Partial-sum technique on 6-round ARIA-128 needs [2.sup.123.6] known plaintexts (KPs), [2.sup.121] encryptions and [2.sup.90.3] bytes memory, and the attack with FFT technique requires [2.sup.124.1] KPs, [2.sup.121.5] encryptions and [2.sup.90.3] bytes memory. Moreover, applying Partial-sum technique, we can attack 7-round ARIA-256 with [2.sup.124.6] KPs, [2.sup.203.5] encryptions and [2.sup.152] bytes memory and 7-round ARIA-256 employing FFT technique, requires [2.sup.124.7] KPs, [2.sup.209.5] encryptions and [2.sup.152] bytes memory. Our results are the first zerocorrelation linear cryptanalysis results on ARIA. Keywords: ARIA, Zero-correlation linear cryptanalysis, Partial sum, FFT, Cryptography