Mod n cryptanalysis

Mod n cryptanalysis is a form of partitioning cryptanalysis that exploits unevenness in how the cipher operates over equivalence classes (congruence classes) modulo n. The method was first suggested in 1999 by John Kelsey, Bruce Schneier, and David Wagner and applied to RC5P (a variant of RC5) and M6 (a family of block ciphers used in the FireWire standard).

These attacks used the properties of binary addition and bit rotation modulo a Fermat prime.

It was observed that the operations in the cipher (rotation and addition, both on 32-bit words) were somewhat biased over congruence classes mod 3.

Analysis of other operations (data-dependent rotation and modular addition) reveals similar, notable biases.
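The following added example (not taken from the original paper or this article's sources) checks why 32-bit rotation and addition leak information modulo a Fermat prime: every Fermat prime 3, 5, 17, 257, 65537 divides 2^32 - 1, so rotation acts as multiplication by a power of two and addition mod 2^32 shifts the residue by at most one. The function names, the seed, and the contrast modulus 7 are assumptions chosen for illustration, and the sample words are constructed.

```python
import random
from collections import Counter

MASK = 0xFFFFFFFF
# Every Fermat prime below divides 2**32 - 1 = 3 * 5 * 17 * 257 * 65537,
# hence 2**32 is congruent to 1 modulo each of them.
FERMAT_PRIMES = (3, 5, 17, 257, 65537)

def rotl32(x, r):
    """Rotate the 32-bit word x left by r bits."""
    r %= 32
    return ((x << r) | (x >> (32 - r))) & MASK

def sample_words(count, seed=1999):
    """Constructed test input: fixed edge cases plus seeded random words."""
    rng = random.Random(seed)
    edge = [0, 1, 0x7FFFFFFF, 0x80000000, MASK]
    return edge + [rng.getrandbits(32) for _ in range(count)]

def rotation_is_multiplication(n, words):
    """True if (x <<< r) == x * 2**r (mod n) for every sampled x and all r.

    rotl32(x, r) = x * 2**r - hi * (2**32 - 1), where hi is the wrapped
    part, so the relation is exact whenever n divides 2**32 - 1.
    """
    return all(rotl32(x, r) % n == (x * pow(2, r, n)) % n
               for x in words for r in range(32))

def addition_offsets(n, words):
    """Count ((x + y mod 2**32) - (x + y)) mod n over consecutive pairs.

    A carry out of bit 31 subtracts 2**32, which is 1 modulo a Fermat
    prime, so the only possible offsets are 0 (no carry) and n - 1 (carry).
    """
    return Counter((((x + y) & MASK) - (x + y)) % n
                   for x, y in zip(words, words[1:]))

if __name__ == "__main__":
    words = sample_words(2000)
    for p in FERMAT_PRIMES:
        print(p, "rotation exact:", rotation_is_multiplication(p, words),
              "addition offsets:", dict(addition_offsets(p, words)))
    # Contrast: 7 does not divide 2**32 - 1, so the rotation relation fails.
    print(7, "rotation exact:", rotation_is_multiplication(7, words))
```

Because the residue of a sum is off by at most one and the residue of a rotation is known exactly, the output residue of each operation stays correlated with its input residues instead of being uniform.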

Although there are some theoretical problems analysing the operations in combination, the bias can be detected experimentally for the entire cipher.