Introduced by Martin Hellman and Susan K. Langford in 1994, the differential-linear attack is a mix of both linear cryptanalysis and differential cryptanalysis.

The attack utilises a differential characteristic over part of the cipher with a probability of 1 (for a few rounds—this probability would be much lower for the whole cipher). The rounds immediately following the differential characteristic have a linear approximation defined, and we expect that for each chosen plaintext pair, the probability of the linear approximation holding for one chosen plaintext but not the other will be lower for the correct key. Hellman and Langford have shown that this attack can recover 10 key bits of an 8-round DES with only 512 chosen plaintexts and an 80% chance of success.

The attack was generalised by Eli Biham et al. to use differential characteristics with probability less than 1. Besides DES, it has been applied to FEAL, IDEA, Serpent, Camellia, and even the stream cipher Phelix.

• Johan Borst (February 1997). "Differential-Linear Cryptanalysis of IDEA". CiteSeerX 10.1.1.49.5084. ((cite journal)): Cite journal requires |journal= (help)
• Johan Borst, Lars R. Knudsen, Vincent Rijmen (May 1997). Two Attacks on Reduced IDEA (PDF). Advances in Cryptology – EUROCRYPT '97. Konstanz: Springer-Verlag. pp. 1–13. Retrieved 2007-03-08.((cite conference)): CS1 maint: multiple names: authors list (link)
• Eli Biham; Orr Dunkelman; Nathan Keller (December 2002). Enhancing Differential-Linear Cryptanalysis (PDF/gzipped PostScript). Advances in Cryptology, proceeding of ASIACRYPT 2002, Lecture Notes in Computer Science 2501. Queenstown, New Zealand: Springer-Verlag. pp. 254–266. Retrieved 2006-12-07.
• Eli Biham, Orr Dunkelman, Nathan Keller (February 2003). Differential-Linear Cryptanalysis of Serpent (PDF/PostScript). 10th International Workshop on Fast Software Encryption (FSE '03). Lund: Springer-Verlag. pp. 9–21. Retrieved 2007-03-08.((cite conference)): CS1 maint: multiple names: authors list (link)
• Hongjun Wu, Bart Preneel (December 12, 2006). Differential-Linear Attacks against the Stream Cipher Phelix (PDF). 14th International Workshop on Fast Software Encryption (FSE '07). Luxembourg City: Springer-Verlag. Archived from the original (PDF) on 2008-08-20. Retrieved 2007-03-08.
• Eli Biham, Orr Dunkelman, Nathan Keller (December 12, 2006). A New Attack on 6-round IDEA. 14th International Workshop on Fast Software Encryption (FSE '07). Luxembourg City: Springer-Verlag.((cite conference)): CS1 maint: multiple names: authors list (link)