Improving Key-Recovery in Linear Attacks - Application to 28-Round PRESENT

Offered By: TheIACR via YouTube

Course Description

Overview

Explore a comprehensive analysis of improved key-recovery techniques in linear cryptanalysis, focusing on their application to the 28-round PRESENT block cipher. Delve into Matsui's Algorithm 2 for last-round attacks and examine the work of Collard et al. (2008) before discovering the main contribution: a generalized algorithm. Learn how to exploit key schedules, implement Walsh Transform pruning, and utilize the affine Pruned Walsh Transform. Investigate methods for combining correlations in multiple attacks and study linear approximations and distinguishers specific to PRESENT. Conclude with a detailed example of key recovery on 28-round PRESENT-80, compare various linear attacks on PRESENT, and explore open problems in the field.

Syllabus

Introduction
Organisation
Matsui's Algorithm 2: Last-round attack
The work of Collard et al. (2008)
Main contribution: Generalised algorithm
Exploiting the key schedule
Walsh Transform pruning
The (affine) Pruned Walsh Transform
Combining correlations for multiple attacks
The PRESENT block cipher
Linear approximations of PRESENT
Linear distinguishers for PRESENT: Distinguisher 1 (used in 26,27-round attacks)
Example: Key recovery on 28-round PRESENT-80
Comparison of linear attacks on PRESENT
Summary of our results
Open problems


Taught by

TheIACR
