Final answer:
Linear cryptanalysis of SPNs focuses on finding a non-zero bias in the linear relationship between the inputs and outputs of S-boxes to decrypt encrypted messages. A non-zero bias indicates a correlation that can be exploited, where larger biases provide more information for cryptanalysis.
Step-by-step explanation:
In the context of linear cryptanalysis of Substitution-Permutation Networks (SPNs), the focus is on combating encryption by linear approximating the behavior of S-boxes. In linear cryptanalysis, an attacker aims to find a linear relation between the inputs and outputs that hold with a probability significantly different from 0.5. This is because, in a perfectly random system, the output bit would be independent of the input bits half of the time.
For the cryptanalysis to be effective, the input and output bits at each S-box are chosen so that the bias—the deviation from this 0.5 probability—is non-zero. A non-zero bias indicates that there is a correlation which can be exploited to infer key information. The larger the bias, the more predictable the relationship becomes, providing the analyst with more leverage to uncover the key. It is this non-zero bias that cryptanalysts leverage to crack the cipher.