What is the difference between Linear Cryptanalysis and Differential Cryptanalysis in Information Security?

Linear Cryptanalysis

Linear cryptanalysis is a general style of cryptanalysis based on discovering affine approximations to the element of a cipher. Attacks have been produced for block ciphers and stream ciphers. Linear cryptanalysis is one of the two most broadly used attacks on block ciphers and the other being differential cryptanalysis.

Linear cryptanalysis is a strong cryptanalytic tool regarding cryptanalysis of block ciphers. When using linear cryptanalysis, an adversary attempt to discover a linear expression that approximates a non-linear function with a probability different than 1/2.

When a best approximation, it includes a relation between the plaintext and ciphertext, is discovered, the adversary gains information about the secret key. The approximation has the form −

$$\mathrm{P_{i} \oplus ..\, \oplus P_{j}\oplus C_{k}\oplus C_{1}=k_{m}\oplus k_{n}}$$

with Pi ... Pj being plaintext bits, Ck ... Cl ciphertext bits and Km ... Kn key bits. The approximation influence with some probability p, and its quality is generally computed by the bias which is defined as $\mathrm{\epsilon \, =\, \left|p-\frac{1}{2} \right|}$.

Differential Cryptanalysis

Differential cryptanalysis is a common style of cryptanalysis relevant frequently to block ciphers, but it can also to stream ciphers and cryptographic hash functions. In the generous sense, it is the study of how differences in information input can influence the resultant difference at the output.

In the case of a block cipher, it defines a group of techniques for tracing differences through the web of transformation, finding where the cipher exhibits non-random behavior and exploiting such properties to find the secret key.

The input difference should be acutely chosen for the attack to be strong. An analysis of the algorithm’s private is undertaken and the typical approach is to trace a path of largely probable differences through the several stages of encryption, defined as as differential characteristic.

Let us see the comparison between Linear and Differential Cryptanalysis.

Linear Cryptanalysis
Differential Cryptanalysis
Linear cryptanalysis is a known plaintext attack, in which the attacker studies probabilistic linear relations called a linear approximations among parity bits of the plaintext, the Ciphertext and the hidden key.
Differential cryptanalysis can be defined as a general style of cryptanalysis that is basically available to block ciphers, cryptographic hash functions. It involve a precise analysis of how differences in information input can influence the resulting characteristics at the output.
In linear cryptanalysis, the aspect of the cryptanalyst is to recognize the linear relation between several bits of the plaintext, there are some bits of the ciphertext, and few bits of the unknown key.
By comparing the changes in some selected plaintexts, and the difference in the outputs resulting from encrypting each one, it is applicable to find several keys.
In linear cryptanalysis, the cryptanalyst decrypts each cipher using some applicable sub keys for one round of encryption and studies the resulting intermediate cipher text to compare the random outcomes.
In differential cryptanalysis, the changes to the intermediate cipher text are acquired between multiple rounds of encryption. The attacks can be combined, and this can be defined as differential-linear cryptanalysis.