
Piling-up lemma

In cryptanalysis, the piling-up lemma is a principle used in linear cryptanalysis to construct linear approximations to the action of block ciphers. It was introduced by Mitsuru Matsui (1993) as an analytical tool for linear cryptanalysis. The piling-up lemma allows the cryptanalyst to determine the probability that the equality: holds, where the $X$'s are binary variables (that is, bits: either 0 or 1). Let $P(A)$ denote "the probability that $A$ is true". If it equals one, $A$ is certain to happen, and if it equals zero, $A$ cannot happen. First of all, we consider the piling-up lemma for two binary variables, where $P(X_1 = 0) = p_1$ and $P(X_2 = 0) = p_2$.
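The two-variable setup above, carried through as an added example (not part of the original page): it compares exhaustive enumeration against the standard statement of the lemma for independent bits, P(X1 ⊕ … ⊕ Xn = 0) = 1/2 + 2^(n-1) ∏ (p_i − 1/2), generalizes to n bits, and shows the estimate failing when the bits are dependent. Function names and sample probabilities are constructed for illustration.

```python
from fractions import Fraction
from itertools import product

HALF = Fraction(1, 2)

def xor_zero_exact(p_zero):
    """P(X1 ^ ... ^ Xn = 0) for independent bits, by enumerating all 2^n outcomes.
    p_zero[i] is P(X_i = 0), given as a Fraction."""
    total = Fraction(0)
    for bits in product((0, 1), repeat=len(p_zero)):
        if sum(bits) % 2:          # odd number of ones: XOR is 1, skip
            continue
        pr = Fraction(1)
        for b, p in zip(bits, p_zero):
            pr *= p if b == 0 else 1 - p
        total += pr
    return total

def xor_zero_lemma(p_zero):
    """Piling-up lemma: 1/2 + 2^(n-1) * product of the biases (p_i - 1/2)."""
    bias = Fraction(1)
    for p in p_zero:
        bias *= p - HALF
    return HALF + 2 ** (len(p_zero) - 1) * bias

def xor_zero_joint(joint):
    """Same probability from an explicit joint distribution {bits: prob};
    no independence assumed."""
    return sum(pr for bits, pr in joint.items() if sum(bits) % 2 == 0)

# Constructed sample values (not from the page).
TWO = [Fraction(3, 4), Fraction(5, 8)]
THREE = TWO + [Fraction(1, 4)]
# Fully dependent pair: X2 always equals X1, each with P(X = 0) = 3/4.
DEPENDENT = {(0, 0): Fraction(3, 4), (1, 1): Fraction(1, 4)}

if __name__ == "__main__":
    for ps in (TWO, THREE):
        print(len(ps), "bits:", xor_zero_exact(ps), "==", xor_zero_lemma(ps))
    print("dependent pair: true", xor_zero_joint(DEPENDENT),
          "vs lemma", xor_zero_lemma([Fraction(3, 4)] * 2))
```

The dependent pair has the same marginals as an independent one, yet its XOR is always 0; the lemma's estimate is only as good as the independence assumption behind it.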
