New Impossible Differential Attacks on AES

Lu, Jiqiang; Dunkelman, Orr; Keller, Nathan; Kim, Jongsung

doi:10.1007/978-3-540-89754-5_22

Cited by 113 publications

(123 citation statements)

References 13 publications

Supporting

Mentioning

114

Contrasting

Order By: Relevance

“…Recent cryptanalytical attacks have predominantly been focused on other properties, such as impossible differentials [1,9,12]. The use of impossible differentials is related to the Square attack but allows an attacker to overcome variants of AES with more rounds.…”

Section: Introductionmentioning

confidence: 99%

Improved “Partial Sums”-based Square Attack on AES

Tunstall

2012

Proceedings of the International Conference on Security and Cryptography

View full text Add to dashboard Cite

Abstract. The Square attack as a means of attacking reduced round variants of AES was described in the initial description of the Rijndael block cipher. This attack can be applied to AES, with a relatively small number of chosen plaintext-ciphertext pairs, reduced to less than six rounds in the case of AES-128 and seven rounds otherwise and several extensions to this attack have been described in the literature. In this paper we describe new variants of these attacks that have a smaller time complexity than those present in the literature. Specifically, we demonstrate that the quantity of chosen plaintext-ciphertext pairs can be halved producing the same reduction in the time complexity. We also demonstrate that the time complexity can be halved again for attacks applied to AES-128 and reduced by a smaller factor for attacks applied to AES-192. This is achieved by eliminating hypotheses on-the-fly when bytes in consecutive subkeys are related because of the key schedule.

show abstract

Section: Introductionmentioning

confidence: 99%

Improved “Partial Sums”-based Square Attack on AES

Tunstall

2012

Proceedings of the International Conference on Security and Cryptography

View full text Add to dashboard Cite

show abstract

“…Many cryptanalytic results on the security of AES-192 (in the single-key attack scenario) have been published so far [4,8,9,12,13,17,18]; and in terms of the numbers of attacked rounds, the square attack [3] on 8-round AES-192 [8] is the best currently published cryptanalytic result for AES-192, which requires almost the entire codebook and has a time complexity of 2 188 8-round AES encryptions.…”

Section: Introductionmentioning

confidence: 99%

“…In this paper, we find that a meet-in-the-middle attack on 8-round AES-192 can be obtained from Demirci and Selçuk's and Demirci et al's work, which is based on the following two simple observations: First, we use a 4-round differential property obtained by applying Deirci et al's method to Demirci and Selçuk's 4-round property; and second, we observe that three concerned bytes of the 7-th round key can be deduced from the 8-th round key (this observation is not novel, and similar ones had been extensively used in previous work, for instance [12] The remainder of the paper is organised as follows. In the next section we describe the notation and the AES block cipher when used with a 192-bit key.…”

Section: Introductionmentioning

confidence: 99%

Meet-in-the-Middle Attack on 8 Rounds of the AES Block Cipher under 192 Key Bits

Wei

2011

Information Security Practice and Experience

Self Cite

View full text Add to dashboard Cite

show abstract

“…Take the well-known 128-bit version block cipher Rijndael as an example, six rounds is sufficient for resisting DC and LC. However, by integral attack or impossible differential attack, one can break six, seven, even eight rounds [9,11,20,29].…”

Section: Introductionmentioning

confidence: 99%

“…Unlike differential cryptanalysis which recovers the right key through the obvious advantage of a high probability differential (differential characteristic), impossible differential cryptanalysis is a sieving attack that excludes all the wrong candidate keys using impossible differentials. Since its emergence, impossible differential cryptanalysis has been applied to attack many well-known block ciphers [20,21,28,29].…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis of a Generalized Unbalanced Feistel Network Structure

Sun

et al. 2010

Information Security and Privacy

View full text Add to dashboard Cite

Abstract. This paper reevaluates the security of GF-NLFSR, a new kind of generalized unbalanced Feistel network structure that was proposed at ACISP 2009. We show that GF-NLFSR itself reveals a very slow diffusion rate, which could lead to several distinguishing attacks. For GF-NLFSR containing n sub-blocks, we find an n 2 -round integral distinguisher by algebraic methods and further use this integral to construct an (n 2 + n − 2)-round impossible differential distinguisher. Compared with the original (3n − 1)-round integral and (2n − 1)-round impossible differential, ours are significantly better.Another contribution of this paper is to introduce a kind of nonsurjective attack by analyzing a variant structure of GF-NLFSR, whose provable security against differential and linear cryptanalysis can also be provided. The advantage of the proposed non-surjective attack is that traditional non-surjective attack is only applicable to Feistel ciphers with non-surjective (non-uniform) round functions, while ours could be applied to block ciphers with bijective ones. Moreover, its data complexity is O(l) with l the block length.

show abstract

New Impossible Differential Attacks on AES

Cited by 113 publications

References 13 publications

Improved “Partial Sums”-based Square Attack on AES

Improved “Partial Sums”-based Square Attack on AES

Meet-in-the-Middle Attack on 8 Rounds of the AES Block Cipher under 192 Key Bits

Cryptanalysis of a Generalized Unbalanced Feistel Network Structure

Contact Info

Product

Resources

About