
Computing, Volume 85, Issue 1–2, pp 85–104

Computational aspects of the expected differential probability of 4-round AES and AES-like ciphers

  • Joan Daemen
  • Mario Lamberger
  • Norbert Pramstaller
  • Vincent Rijmen
  • Frederik Vercauteren

Abstract

In this paper we study the security of the Advanced Encryption Standard (AES) and AES-like block ciphers against differential cryptanalysis. Differential cryptanalysis is one of the most powerful methods for analyzing the security of block ciphers. Even though no formal proofs for the security of AES against differential cryptanalysis have been provided to date, some attempts to compute the maximum expected differential probability (MEDP) for two and four rounds of AES have been presented recently. In this paper, we will improve upon existing approaches in order to derive better bounds on the EDP for two and four rounds of AES based on a slightly simplified S-box. More precisely, we are able to provide the complete distribution of the EDP for two rounds of this AES variant with five active S-boxes and methods to improve the estimates for the EDP in the case of six active S-boxes.
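The abstract refers to the expected differential probability (EDP) of AES rounds, which is assembled from the differential probabilities of the individual active S-boxes. As an added illustration that is not code from the paper or its authors, the following script builds the standard AES S-box from its definition (inversion in GF(2^8) followed by the affine map), computes its difference distribution table (DDT), and derives the maximum differential probability of a single S-box, 4/256 = 2^-6. It uses the standard S-box, not the slightly simplified variant the paper analyses; every function name here is the example's own.

```python
# Differential uniformity of the AES S-box via its difference distribution table (DDT).
# Constructed example: the S-box is generated from its definition (inversion in GF(2^8)
# modulo x^8 + x^4 + x^3 + x + 1, then the affine map) rather than pasted as a table.

from fractions import Fraction


def gf_mul(a, b):
    """Multiply two elements of GF(2^8) with the AES reduction polynomial 0x11B."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def gf_inv(a):
    """Multiplicative inverse in GF(2^8); the AES convention maps 0 to 0."""
    if a == 0:
        return 0
    # In a field of order 2^8, a^(2^8 - 2) = a^254 is the inverse of a.
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r


def aes_sbox():
    """Build the 256-entry AES S-box: field inversion followed by the affine transformation."""
    def rotl8(x, n):
        return ((x << n) | (x >> (8 - n))) & 0xFF
    box = []
    for x in range(256):
        b = gf_inv(x)
        box.append(b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63)
    return box


def ddt_row(sbox, a):
    """Row a of the DDT: entry b counts inputs x with S(x) ^ S(x ^ a) == b."""
    row = [0] * len(sbox)
    for x in range(len(sbox)):
        row[sbox[x] ^ sbox[x ^ a]] += 1
    return row


def ddt(sbox):
    """Full difference distribution table, indexed as table[a][b]."""
    return [ddt_row(sbox, a) for a in range(len(sbox))]


def max_differential_probability(sbox):
    """Largest DP(a -> b) over nonzero input differences a: max DDT entry over 2^n."""
    table = ddt(sbox)
    best = max(max(row) for row in table[1:])
    return Fraction(best, len(sbox))


def row_profile(sbox, a):
    """For a nonzero input difference a, how many output differences occur 0, 2 or 4 times."""
    row = ddt_row(sbox, a)
    return {k: sum(1 for v in row if v == k) for k in (0, 2, 4)}


if __name__ == "__main__":
    S = aes_sbox()
    print("max single S-box DP:", max_differential_probability(S))   # 1/64 = 2^-6
    print("DDT row profile for a=0x01:", row_profile(S, 0x01))
```

Each nonzero DDT row of the AES S-box contains exactly one entry equal to 4 and 126 entries equal to 2, which is why the per-S-box bound is 2^-6; raising it to the number of active S-boxes gives the trivial trail bound (2^-30 for the five active S-boxes of two rounds mentioned above), and the paper's contribution is the distribution of the EDP itself, which aggregates all trails with the same input and output difference rather than a single one.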

Keywords

Cryptography, Differential cryptanalysis, AES, Differential probability

Mathematics Subject Classification (2000)

94A60 11T71 


Copyright information

© Springer-Verlag 2009

Authors and Affiliations

  • Joan Daemen (1)
  • Mario Lamberger (2)
  • Norbert Pramstaller (2)
  • Vincent Rijmen (2, 3)
  • Frederik Vercauteren (3)
  1. STMicroelectronics Belgium, Zaventem, Belgium
  2. IAIK, Graz University of Technology, Graz, Austria
  3. ESAT/COSIC, K.U. Leuven, Louvain, Belgium
