International Association for Cryptologic Research (IACR)
Doi
Abstract
The log-likelihood ratio (LLR) and the chi-squared distribution based test statistics have been proposed in the literature for
performing statistical analysis of key recovery attacks on block ciphers. A limitation of the LLR test statistic is that its
application requires the full knowledge of the corresponding distribution. Previous work using the chi-squared approach required
{\em approximating} the distribution of the relevant test statistic by chi-squared and normal distributions. Problematic issues
regarding such approximations have been reported in the literature.
Perhaps more importantly, both the LLR and the chi-squared based methods are applicable only if the success probability PS is
greater than 0.5. On the other hand, an attack with success probability less than 0.5 is also of considerable interest.
This work proposes a new test statistic for key recovery attacks which has the following features.
Its application does not require the full knowledge of the underlying distribution; it is possible to carry out an analysis using this
test statistic without using any approximations; the method applies for all values of the success probability.
The statistical analysis of the new test statistic follows the hypothesis testing framework and uses Hoeffding\u27s inequalities to
bound the probabilities of Type-I and Type-II errors