Towards Key-Dependent Integral and Impossible Differential Distinguishers on 5-Round AES

  • Kai Hu
  • Tingting Cui
  • Chao Gao
  • Meiqin WangEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11349)


Reduced-round AES has been a popular underlying primitive to design new cryptographic schemes and thus its security including distinguishing properties deserves more attention. At Crypto’16, a key-dependent integral distinguisher on 5-round AES was put forward, which opened up a new direction to take more insights into the distinguishing properties of AES. After that, two key-dependent impossible differential (ID) distinguishers on 5-round AES were proposed at FSE’16 and CT-RSA’18, respectively. It is strange that the current key-dependent integral distinguisher requires significantly higher complexities than the key-dependent ID distinguishers, even though they are constructed with the same property of MixColumns (\(2^{128} \gg 2^{98.2}\)). Proposers of the 5-round key-dependent distinguishers claimed that the corresponding integral and ID distinguishers can only work under chosen-ciphertext and chosen-plaintext settings, respectively, which is very different from the situations of traditional key-independent distinguishers.

In this paper, we first construct a novel key-dependent integral distinguisher on 5-round AES with \(2^{96}\) chosen plaintexts, which is much better than the previous key-dependent integral distinguisher that requires the full codebook proposed at Crypto’16. Secondly, We show that both distinguishers are valid under either chosen-plaintext setting or chosen-ciphertext setting, which is different from the claims of previous cryptanalysis. However, under different settings, complexities of key-dependent integral distinguishers are very different while those of the key-dependent ID distinguishers are almost the same. We analyze the reasons for it.


AES Key-dependent Integral Impossible differential 



The authors thank the anonymous SAC 2018 reviewers for careful reading and many helpful comments. This work is supported by National Natural Science Foundation of China (Grant No. 61572293), Key Science Technology Project of Shandong Province (Grant No. 2015GGX101046), and Chinese Major Program of National Cryptography Development Foundation (Grant No. MMJJ2017012).

Supplementary material


  1. 1.
    Biham, E., Keller, N.: Cryptanalysis of reduced variants of Rijndael. In: 3rd AES Conference, vol. 230 (2000)Google Scholar
  2. 2.
    Bogdanov, A., Leander, G., Nyberg, K., Wang, M.: Integral and multidimensional linear distinguishers with correlation zero. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 244–261. Springer, Heidelberg (2012). Scholar
  3. 3.
    Cui, T., Sun, L., Chen, H., Wang, M.: Statistical integral distinguisher with multi-structure and its application on AES. In: Pieprzyk, J., Suriadi, S. (eds.) ACISP 2017. LNCS, vol. 10342, pp. 402–420. Springer, Cham (2017). Scholar
  4. 4.
    Daemen, J., Rijmen, V.: The Design of Rijndael: AES-The Advanced Encryption Standard. ISC. Springer Science & Business Media, Heidelberg (2013). Scholar
  5. 5.
    Datta, N., Nandi, M.: ELmD v2.0 (2015). Submission to the caesar competitionGoogle Scholar
  6. 6.
    Gilbert, H., Minier, M.: A collision attack on 7 rounds of Rijndael. In: AES Candidate Conference, pp. 230–241 (2000)Google Scholar
  7. 7.
    Grassi, L.: MixColumns properties and attacks on (round-reduced) AES with a single secret S-Box. In: Smart, N.P. (ed.) CT-RSA 2018. LNCS, vol. 10808, pp. 243–263. Springer, Cham (2018). Scholar
  8. 8.
    Grassi, L., Rechberger, C., Rønjom, S.: Subspace trail cryptanalysis and its applications to AES. IACR Trans. Symmetric Cryptol. 2016(2), 192–225 (2016)Google Scholar
  9. 9.
    Grassi, L., Rechberger, C., Rønjom, S.: A new structural-differential property of 5-round AES. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 289–317. Springer, Cham (2017). Scholar
  10. 10.
    Lu, J., Dunkelman, O., Keller, N., Kim, J.: New impossible differential attacks on AES. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 279–293. Springer, Heidelberg (2008). Scholar
  11. 11.
    Rønjom, S., Bardeh, N.G., Helleseth, T.: Yoyo tricks with AES. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 217–243. Springer, Cham (2017). Scholar
  12. 12.
    Sun, B., Liu, M., Guo, J., Qu, L., Rijmen, V.: New insights on AES-like SPN ciphers. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 605–624. Springer, Heidelberg (2016). Scholar
  13. 13.
    Wang, M., Cui, T., Chen, H., Sun, L., Wen, L., Bogdanov, A.: Integrals go statistical: cryptanalysis of full skipjack variants. IACR Cryptology ePrint Archive 2016:178 (2016)Google Scholar
  14. 14.
    Wu, H., Preneel, B.: AEGIS: a fast authenticated encryption algorithm. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 185–201. Springer, Heidelberg (2014). Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Key Laboratory of Cryptologic Technology and Information SecurityMinistry of Education, Shandong UniversityJinanChina
  2. 2.School of CyberspaceHangzhou Dianzi UniversityHangzhouChina
  3. 3.Shandong Computer Science Center (National Supercomputer Center in Jinan)JinanChina
  4. 4.Affiliated Hospital of Shandong University of Traditional Chinese MedicineJinanChina

Personalised recommendations