A parallel time-memory tradeoff attack on the Hill cipher.

Leap et al. (<xref>2016</xref>) reduced the time complexity of the Bauer-Millward (<xref>2007</xref>) ciphertext-only attack on the Hill cipher from 풪(Ln) to 풪(Ln−1), where L is the length of the alphabet, and n is the block size. This article presents an attack that reduces the complexity to 풪(Ln−1−s), 0 ≤ s ≤ n − 1. The practical limitation on the size of s is the memory available on the computer being used for the attack. Specifically, the computer must be able to hold Ls integer arrays of length N, where N is the number of blocks of ciphertext. The key idea is not to iterate over potential rows of the decryption matrix, but to iterate over randomly chosen characters in the plaintext. This attack also admits a straightforward parallel implementation on multiple processors to further decrease the run time of the attack. [ABSTRACT FROM AUTHOR]