Abstract
This paper implements the super-sbox analysis on 8-round AES proposed by Gilbert and Peyrin in order to verify its correctness and the attack cost. The attack consists of three parts; the first outbound phase, inbound phase with a super-sbox technique, and the second outbound phase. Gilbert and Peyrin estimated that the attack would require 248 computational cost and 232 memory, which could be feasible but not easy to practically implement. In this research, we first analyze the relationship among memory, computational cost, and the number of solutions in the inbound phase, and then show that the tradeoff exists for the super-sbox analysis. With this tradeoff, we implement the attack for each of the outbound phase independently so that the cost for the entire attack can be estimated by the experiments. As a result of our experiment, we show that the computational cost to obtain a pair of values satisfying the inbound phase is approximately 4 times higher and the freedom degrees are 4 times smaller than the previous estimation, which indicates that applying the super-sbox analysis is harder than expected.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)
Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)
U.S. Department of Commerce, National Institute of Standards and Technology: Federal Register Vol. 72(212) (November 2, 2007) Notices (2007) http://csrc.nist.gov/groups/ST/hash/documents/FR_Notice_Nov07.pdf
U.S. Department of Commerce, National Institute of Standards and Technology: Specification for the ADVANCED ENCRYPTION STANDARD (AES) (Federal Information Processing Standards Publication 197) (2001)
Daemen, J., Rijmen, V.: The design of Rijndeal: AES – the Advanced Encryption Standard (AES). Springer, Heidelberg (2002)
Rijmen, V., Barreto, P.S.L.M.: The WHIRLPOOL hashing function. Submitted to NISSIE (September 2000)
Gauravaram, P., Knudsen, L.R., Matusiewicz, K., Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: Grøstl addendum. Submission to NIST (updated) (2009)
Benadjila, R., Billet, O., Gilbert, H., Macario-Rat, G., Peyrin, T., Robshaw, M., Seurin, Y.: SHA-3 proposal: ECHO. Submission to NIST (updated) (2009)
Biham, E., Dunkelman, O.: The SHAvite-3 hash function. Submission to NIST (Round 2) (2009)
Knudsen, L.R., Rijmen, V.: Known-key distinguishers for some block ciphers. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 315–324. Springer, Heidelberg (2007)
Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: The rebound attack: Cryptanalysis of reduced whirlpool and Grøstl. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 260–276. Springer, Heidelberg (2009)
Mendel, F., Peyrin, T., Rechberger, C., Schläffer, M.: Improved cryptanalysis of the reduced Grøstl compression function, ECHO permutation and AES block cipher. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 16–35. Springer, Heidelberg (2009)
Gilbert, H., Peyrin, T.: Super-sbox cryptanalysis: Improved attacks for AES-like permutations. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 365–383. Springer, Heidelberg (2010)
Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schläffer, M.: Rebound distinguishers: Results on the full whirlpool compression function. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 126–143. Springer, Heidelberg (2009)
Matusiewicz, K., Naya-Plasencia, M., Nikolić, I., Sasaki, Y., Schläffer, M.: Rebound attack on the full lane compression function. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 106–125. Springer, Heidelberg (2009)
Naya-Plasencia, M.: Scrutinizing rebound attacks: new algorithms for improving the complexities. Cryptology ePrint Archive, Report 2010/607 (2010), http://eprint.iacr.org/2010/607
Wu, S., Feng, D., Wu, W., Su, B.: Hyper-sbox view of AES-like permutations: A generalized distinguisher. In: Lai, X., Yung, M., Lin, D. (eds.) Inscrypt 2010. LNCS, vol. 6584, pp. 155–168. Springer, Heidelberg (2011)
Sasaki, Y., Li, Y., Wang, L., Sakiyama, K., Ohta, K.: Non-full-active super-sbox analysis: Applications to ECHO and grøstl. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 38–55. Springer, Heidelberg (2010)
Peyrin, T.: Improved cryptanalysis of ECHO and Grøstl. Cryptology ePrint Archive, Report 2010/223 (2010), http://eprint.iacr.org/2010/223 Full version of CRYPTO 2010
Peyrin, T.: Improved differential attacks for ECHO and Grøstl. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 370–392. Springer, Heidelberg (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sasaki, Y., Takayanagi, N., Sakiyama, K., Ohta, K. (2011). Experimental Verification of Super-Sbox Analysis — Confirmation of Detailed Attack Complexity. In: Iwata, T., Nishigaki, M. (eds) Advances in Information and Computer Security. IWSEC 2011. Lecture Notes in Computer Science, vol 7038. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25141-2_12
Download citation
DOI: https://doi.org/10.1007/978-3-642-25141-2_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25140-5
Online ISBN: 978-3-642-25141-2
eBook Packages: Computer ScienceComputer Science (R0)