Designs, Codes and Cryptography, Volume 73, Issue 1, pp 85–103

Revisiting key schedule’s diffusion in relation with round function’s diffusion


DOI: 10.1007/s10623-013-9804-9

Cite this article as:
Huang, J. & Lai, X. Des. Codes Cryptogr. (2014) 73: 85. doi:10.1007/s10623-013-9804-9

Abstract

We study the weakness of key schedules starting from an observation: many existing attacks exploit the fact that key schedules distribute key bits poorly along the diffusion path of the round functions. This points to the importance of the relation between the diffusion of key schedules and that of round functions. We present new cryptanalysis results obtained by exploring this diffusion relation and propose a new criterion for necessary key schedule diffusion. We discuss potential attacks and summarize the reasons why key schedules fail to satisfy this criterion. One major cause is that overlap between the diffusion of key schedules and round functions leads to information leakage of key bits. Finally, we present a measure to estimate our criterion for recursive key schedules. Today, key schedule design still lacks practical and necessary principles. For a practical key schedule with limited diffusion, our work adds more insight into its requirements and helps to maximize the security level.

Keywords

Key schedule, Diffusion, Block cipher, SHACAL-2, AES, XTEA

Mathematics Subject Classification (2010)

94A60, 14G50, 11T71

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  1. Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China
  2. Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China