Key Difference Invariant Bias in Block Ciphers

  • Andrey Bogdanov
  • Christina Boura
  • Vincent Rijmen
  • Meiqin Wang
  • Long Wen
  • Jingyuan Zhao
Conference paper

DOI: 10.1007/978-3-642-42033-7_19

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8269)
Cite this paper as:
Bogdanov A., Boura C., Rijmen V., Wang M., Wen L., Zhao J. (2013) Key Difference Invariant Bias in Block Ciphers. In: Sako K., Sarkar P. (eds) Advances in Cryptology - ASIACRYPT 2013. ASIACRYPT 2013. Lecture Notes in Computer Science, vol 8269. Springer, Berlin, Heidelberg

Abstract

In this paper, we reveal a fundamental property of block ciphers: There can exist linear approximations such that their biases ε are deterministically invariant under key difference. This behaviour is highly unlikely to occur in idealized ciphers but persists, for instance, in 5-round AES. Interestingly, the property of key difference invariant bias is independent of the bias value ε itself and only depends on the form of linear characteristics comprising the linear approximation in question as well as on the key schedule of the cipher.

We propose a statistical distinguisher for this property and turn it into an key recovery. As an illustration, we apply our novel cryptanalytic technique to mount related-key attacks on two recent block ciphers — LBlock and TWINE. In these cases, we break 2 and 3 more rounds, respectively, than the best previous attacks.

Keywords

block ciphers key difference invariant bias linear cryptanalysis linear hull key-alternating ciphers LBlock TWINE 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Andrey Bogdanov
    • 1
  • Christina Boura
    • 1
  • Vincent Rijmen
    • 2
    • 3
  • Meiqin Wang
    • 4
  • Long Wen
    • 4
  • Jingyuan Zhao
    • 4
  1. 1.Technical University of DenmarkDenmark
  2. 2.ESAT/SCD/COSICKU LeuvenBelgium
  3. 3.iMindsBelgium
  4. 4.Key Laboratory of Cryptologic Technology and Information Security, Ministry of EducationShandong UniversityJinanChina

Personalised recommendations