
Structural evaluation of AES-like ciphers against mixture differential cryptanalysis

Designs, Codes and Cryptography

Abstract

At ASIACRYPT 2017, Rønjom et al. analyzed AES with the yoyo attack. Similar to their 4-round AES distinguisher, Grassi proposed 4-round mixture differential cryptanalysis as well as a key-recovery attack on 5-round AES at ToSC 2018, which was shown to beat the classical square attack in computational complexity. After that, Bardeh et al. combined the exchange attack with the 4-round mixture differential distinguisher of AES, leading to the first secret-key chosen-plaintext distinguisher for 6-round AES. Unlike the attack on 5-round AES, the 6-round key-recovery attack on AES has extremely large complexity, which to a certain extent indicates a weakness of mixture differences. Our work aims at evaluating the security of AES-like ciphers against mixture differential cryptanalysis. We propose a new structure called the boomerang structure and show that a differential distinguisher of a boomerang structure corresponds exactly to a mixture differential distinguisher for AES-like ciphers. Based on the boomerang structure, we show that mixture differential cryptanalysis is not suitable for AES-like ciphers with high round numbers. Specifically, we associate the primitive index with our framework built on the boomerang structure and give an upper bound on the length of probability-1 mixture differential distinguishers on AES-like ciphers. It follows directly from our framework that there is no mixture differential distinguisher for 6-round AES.


Data availability

The datasets supporting the conclusions of this article are included within the article and its additional files. The code supporting the conclusions of this article is available in https://github.com/BLOCKCIPHERS702702.

Notes

  1. We have revised the definition of primitive index in [16] since the Type 2 primitive index of P is not used in our work.

References

  1. Bao, Z., Guo, J., List, E.: Extended truncated-differential distinguishers on round-reduced AES. IACR Trans. Symmetric Cryptol. 2020(3), 197–261 (2020)

  2. Bardeh, N.G., Rønjom, S.: The exchange attack: how to distinguish six rounds of AES with \(2^{88.2}\) chosen plaintexts. In: Galbraith, S.D., Moriai, S. (eds.) Advances in Cryptology-ASIACRYPT 2019, Proceedings of the 25th International Conference on the Theory and Application of Cryptology and Information Security, Kobe, Japan, December 8–12, Part III. Lecture Notes in Computer Science, vol. 11923, pp. 347–370. Springer (2019)

  3. Bar-On, A., Dunkelman, O., Keller, N., Ronen, E., Shamir, A.: Improved key recovery attacks on reduced-round AES with practical data and memory complexities. In: Shacham, H., Boldyreva, A. (eds.) Advances in Cryptology-CRYPTO 2018, Proceedings of the 38th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19–23, Part II. Lecture Notes in Computer Science, vol. 10992, pp. 185–212. Springer (2018)

  4. Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: SIMON and SPECK: block ciphers for the Internet of Things. IACR Cryptol. ePrint Arch., Report 2015/585 (2015)

  5. Biham, E., Biryukov, A., Dunkelman, O., Richardson, E., Shamir, A.: Initial observations on Skipjack: cryptanalysis of Skipjack-3XOR. In: Tavares, S.E., Meijer, H. (eds.) Selected Areas in Cryptography '98, SAC'98, Kingston, Ontario, Canada, August 17–18, Proceedings. Lecture Notes in Computer Science, vol. 1556, pp. 362–376. Springer, Berlin (1998)

  6. Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials. In: Stern, J. (ed.) Advances in Cryptology-EUROCRYPT '99, Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques, Prague, Czech Republic, May 2–6. Lecture Notes in Computer Science, vol. 1592, pp. 12–23. Springer (1999)

  7. Blondeau, C., Gérard, B.: Multiple differential cryptanalysis: theory and practice. In: Joux, A. (ed.) Fast Software Encryption, 18th International Workshop, FSE 2011, Lyngby, Denmark, February 13–16, Revised Selected Papers. Lecture Notes in Computer Science, vol. 6733, pp. 35–54. Springer (2011)

  8. Daemen, J., Rijmen, V.: The Design of Rijndael: The Advanced Encryption Standard (AES), 2nd edn. Information Security and Cryptography. Springer, Berlin (2020)

  9. Dunkelman, O., Keller, N., Ronen, E., Shamir, A.: The retracing boomerang attack. In: Canteaut, A., Ishai, Y. (eds.) Advances in Cryptology-EUROCRYPT 2020, Proceedings of the 39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, May 10–14, Part I. Lecture Notes in Computer Science, vol. 12105, pp. 280–309. Springer (2020)

  10. Grassi, L., Rechberger, C., Rønjom, S.: Subspace trail cryptanalysis and its applications to AES. IACR Trans. Symmetric Cryptol. 2016(2), 192–225 (2016)

  11. Grassi, L., Rechberger, C., Rønjom, S.: A new structural-differential property of 5-round AES. In: Coron, J.-S., Nielsen, J.B. (eds.) Advances in Cryptology-EUROCRYPT 2017, Proceedings of the 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Paris, France, April 30–May 4, Part II. Lecture Notes in Computer Science, vol. 10211, pp. 289–317. Springer (2017)

  12. Grassi, L.: Mixture differential cryptanalysis: a new approach to distinguishers and attacks on round-reduced AES. IACR Trans. Symmetric Cryptol. 2018(2), 133–160 (2018)

  13. Guo, J., Song, L., Wang, H.: Key structures: improved related-key boomerang attack against the full AES-256. In: Nguyen, K., Yang, G., Guo, F., Susilo, W. (eds.) Information Security and Privacy, Proceedings of the 27th Australasian Conference, ACISP 2022, Wollongong, NSW, Australia, November 28–30. Lecture Notes in Computer Science, vol. 13494, pp. 3–23. Springer (2022)

  14. Moghaddam, A.E., Ahmadian, Z.: New automatic search method for truncated-differential characteristics: application to Midori, SKINNY and CRAFT. Comput. J. 63(12), 1813–1825 (2020)

  15. Rønjom, S., Bardeh, N.G., Helleseth, T.: Yoyo tricks with AES. In: Takagi, T., Peyrin, T. (eds.) Advances in Cryptology-ASIACRYPT 2017, Proceedings of the 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, December 3–7, Part I. Lecture Notes in Computer Science, vol. 10624, pp. 217–243. Springer (2017)

  16. Sun, B., Liu, M., Guo, J., Rijmen, V., Li, R.: Provable security evaluation of structures against impossible differential and zero correlation linear cryptanalysis. In: Fischlin, M., Coron, J.-S. (eds.) Advances in Cryptology-EUROCRYPT 2016, Proceedings of the 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, May 8–12, Part I. Lecture Notes in Computer Science, vol. 9665, pp. 196–213. Springer (2016)

  17. Tian, T., Qi, W., Ye, C., Xie, X.: Spring: a family of small hardware-oriented block ciphers based on NFSRs. J. Cryptol. Res. 2019(6), 815–834 (2019)

  18. Zhao, B., Dong, X., Jia, K.: New related-tweakey boomerang and rectangle attacks on Deoxys-BC including BDT effect. IACR Trans. Symmetric Cryptol. 2019(3), 121–151 (2019)

  19. Zhao, B., Dong, X., Jia, K., Meier, W.: Improved related-tweakey rectangle attacks on reduced-round Deoxys-BC-384 and Deoxys-I-256-128. IACR Cryptol. ePrint Arch., Report 2020/103 (2020)


Author information

Corresponding author

Correspondence to Tian Tian.

Additional information

Communicated by X. Wang.

Appendix

The truncated differential distinguishers of 6-round Midori64 and 8-round SKINNY64 found with the MILP modeling technique are presented in Figs. 4 and 5, respectively.

Fig. 4

A truncated differential distinguisher for the boomerang structure of 6-round Midori64

Fig. 5

A truncated differential distinguisher for the boomerang structure of 8-round SKINNY64

About this article

Cite this article

Xie, X., Tian, T. Structural evaluation of AES-like ciphers against mixture differential cryptanalysis. Des. Codes Cryptogr. 91, 3881–3899 (2023). https://doi.org/10.1007/s10623-023-01277-7
