And Rijndael?

Rouquette, Loïc; Gerault, David; Minier, Marine; Solnon, Christine

doi:10.1007/978-3-031-17433-9_7

Cited by 5 publications

(19 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While it can be possible to only use truncated differential trails optimizing, the whole process can be more efficient than only optimizing the two steps separately. To do so we improve the linking algorithm of [27] by splitting the first step search in three parts.…”

Section: Connect the Two Stepsmentioning

confidence: 99%

A CP-Based Automatic Tool for Instantiating Truncated Differential Characteristics

Delobel,

Derbez,

Gontier

et al. 2024

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

An important criteria to assert the security of a cryptographic primitive is its resistance against differential cryptanalysis. For word-oriented primitives, a common technique to determine the number of rounds required to ensure the immunity against differential distinguishers is to consider truncated differential characteristics and to count the number of active S-boxes. Doing so allows one to provide an upper bound on the probability of the best differential characteristic with a reduced computational cost. However, in order to design very efficient primitives, it might be needed to evaluate the probability more accurately. This is usually done in a second step, during which one tries to instantiate truncated differential characteristics with actual values and computes its corresponding probability. This step is usually done either with ad-hoc algorithms or with CP, SAT or MILP models that are solved by generic solvers. In this paper, we present a generic tool for automatically generating these models to handle all word-oriented ciphers. Furthermore the running times to solve these models are very competitive with all the previous dedicated approaches.

show abstract

Section: Connect the Two Stepsmentioning

confidence: 99%

A CP-Based Automatic Tool for Instantiating Truncated Differential Characteristics

Delobel,

Derbez,

Gontier

et al. 2024

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…This is due to most of the processes involved being ad hoc, with few to no frameworks to help the cryptanalyst, as is true for most fields in cryptanalysis. Last decade there has been a movement towards the development of frameworks and software for this field in particular, from progress in automated proofs of security for sbox-based ciphers [Mouha et al 2011] and ARX ciphers [Liu et al 2016, Sun et al 2017, and most recently an automatic tool has been used to find related-key differentials for some instances of the block cipher Rijndael [Rouquette et al 2022].…”

Section: Introductionmentioning

confidence: 99%

Revisiting the Biclique Attack on the AES

Carvalho,

Kowada

2023

Anais Do XXIII Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg 2023)

View full text Add to dashboard Cite

The AES Cipher is one of the most widely used block ciphers throughout the world for the better part of two decades now. Despite its relevancy, there has been no great progress in the attempts at finding exploitable flaws or cryptanalysis techniques that are able to find the secret key in less time than simple exhaustive search for its full version. The only exception is biclique cryptanalysis which was used more than once to recover the secret key in marginally less time than simple brute force. The last improvement happened 8 years ago. This paper finds the best results for all but one of the variations attempted on the AES, through the help of the concept of generator sets for related-key differentials, in terms of time complexity as well as a software that semi-automates tests on general word-based ciphers.

show abstract

“…It was a very elegant solution with an easy to understand complexity but that consumed in return a high amount of memory (60 GB) and could not be extended to the larger variants of the AES. Finally, Gérault et al in [GLMS18,GLMS20] and more recently Rouquette et al in [RGMS22] developed a constraint-programming (CP) approach to search for optimal differential characteristics for AES-192 and AES-256 (and more generally for all variants of Rijndael) and managed to provide such characteristics for any number of rounds together with bounds for the minimum number of active S-boxes. This approach was fast and memory-efficient at the same time.…”

Section: Introductionmentioning

confidence: 99%

“…To elaborate this model, we analyzed different strategies for eliminating invalid truncated characteristics without adding too many constraints and propose the best trade-off we found. Our model uses less variables and constraints than the CP approach of [RGMS22] and is faster for most of the AES instances analyzed. It is also more efficient than the MILP model used to find the boomerang characteristics in the work of Derbez et al [DEFN22].…”

Section: Introductionmentioning

confidence: 99%

“…Similarly to [FJP13], we propose an algorithm based on dynamic programming, that uses a compact representation of the state to be memory-efficient. We applied this algorithm to all three versions of the AES and reproduced the results of [FJP13] and [RGMS22]. For AES-128 our method is much faster and requires much less memory than the one of [FJP13] and for the other two variants our computing time is better than in [RGMS22] for most of the instances.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Related-Key Differential Analysis of the AES

Boura,

Derbez,

Funk

2023

ToSC

View full text Add to dashboard Cite

The Advanced Encryption Standard (AES) is considered to be the most important and widely deployed symmetric primitive. While the cipher was designed to be immune against differential and other classical attacks, this immunity does not hold in the related-key setting, and various related-key attacks have appeared over time. This work presents tools and algorithms to search for related-key distinguishers and attacks of differential nature against the AES. First, we propose two entirely different approaches to find optimal truncated differential characteristics and bounds on the minimum number of active S-boxes for all variants of the AES. In the first approach, we propose a simple MILP model that handles better linear inconsistencies with respect to the AES system of equations and that compares particularly well to previous tool-based approaches to solve this problem. The main advantage of this tool is that it can easily be used as the core algorithm to search for any attack on AES exploiting related-key differentials. Then, we design a fast and low-memory algorithm based on dynamic programming that has a very simple to understand complexity analysis and does not depend on any generic solver. This second algorithm provides us useful insight on the related-key differential search problem for AES and shows that the search space is not as big as one would expect. Finally, we build on the top of our MILP model a fully automated tool to search for the best differential MITM attacks against the AES. We apply our tool on AES-256 and find an attack on 13 rounds with only two related keys. This attack can be seen as the best known cryptanalysis against this variant if only 2 related keys are permitted.

show abstract

And Rijndael?

Cited by 5 publications

References 22 publications

A CP-Based Automatic Tool for Instantiating Truncated Differential Characteristics

A CP-Based Automatic Tool for Instantiating Truncated Differential Characteristics

Revisiting the Biclique Attack on the AES

Related-Key Differential Analysis of the AES

Contact Info

Product

Resources

About