Improved Key Recovery Attacks on Reduced-Round AES with Practical Data and Memory Complexities

  • Achiya Bar-On
  • Orr Dunkelman
  • Nathan Keller
  • Eyal Ronen
  • Adi Shamir
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10992)

Abstract

Determining the security of AES is a central problem in cryptanalysis, but progress in this area has been slow, and only a handful of cryptanalytic techniques have led to significant advancements. At Eurocrypt 2017, Grassi et al. presented a novel type of distinguisher for AES-like structures, but so far all the published attacks based on this distinguisher have been inferior in complexity to previously known attacks. In this paper we combine the technique of Grassi et al. with several other techniques to obtain the best known key recovery attack on 5-round AES in the single-key model, reducing its overall complexity from about \(2^{32}\) to about \(2^{22.5}\). Extending our techniques to 7-round AES, we obtain the best known attacks on AES-192 that use practical amounts of data and memory, breaking the record for such attacks set 18 years ago by the classical Square attack.

Notes

Acknowledgements

The research of Achiya Bar-On and of Nathan Keller was supported by the European Research Council under the ERC starting grant agreement n. 757731 (LightCrypt) and by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office. The research of Orr Dunkelman was supported by the Israel Ministry of Science and Technology.

References

  1. Biham, E., Keller, N.: Cryptanalysis of Reduced Variants of Rijndael (1999). Unpublished manuscript
  2. Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 344–371. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_19
  3. Bossuet, L., Datta, N., Mancillas-López, C., Nandi, M.: ELmD: a pipelineable authenticated encryption and its hardware implementation. IEEE Trans. Comput. 65(11), 3318–3331 (2016)
  4. Bouillaguet, C., Derbez, P., Dunkelman, O., Fouque, P., Keller, N., Rijmen, V.: Low-data complexity attacks on AES. IEEE Trans. Inf. Theor. 58(11), 7002–7017 (2012). https://doi.org/10.1109/TIT.2012.2207880
  5. Bouillaguet, C., Derbez, P., Fouque, P.-A.: Automatic search of attacks on round-reduced AES and applications. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 169–187. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_10
  6. Boura, C., Lallemand, V., Naya-Plasencia, M., Suder, V.: Making the impossible possible. J. Cryptol. 31(1), 101–133 (2018). https://doi.org/10.1007/s00145-016-9251-7
  7. Cho, J., et al.: WEM: a new family of white-box block ciphers based on the Even-Mansour construction. In: Handschuh, H. (ed.) CT-RSA 2017. LNCS, vol. 10159, pp. 293–308. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-52153-4_17
  8. Daemen, J., Knudsen, L., Rijmen, V.: The block cipher Square. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052343
  9. Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer, Heidelberg (2002). https://doi.org/10.1007/978-3-662-04722-4
  10. Demirci, H., Selçuk, A.A.: A meet-in-the-middle attack on 8-round AES. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 116–126. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-71039-4_7
  11. Derbez, P.: Meet-in-the-middle attacks on AES. Ph.D. thesis, Ecole Normale Supérieure de Paris – ENS Paris (2013)
  12. Derbez, P., Fouque, P.-A.: Exhausting Demirci-Selçuk meet-in-the-middle attacks against reduced-round AES. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 541–560. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43933-3_28
  13. Derbez, P., Fouque, P.-A., Jean, J.: Improved key recovery attacks on reduced-round AES in the single-key setting. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 371–387. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_23
  14. Dinur, I., Dunkelman, O., Keller, N., Shamir, A.: Efficient dissection of composite problems, with applications to cryptanalysis, knapsacks, and combinatorial search problems. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 719–740. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_42
  15. Ferguson, N.: Improved cryptanalysis of Rijndael. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds.) FSE 2000. LNCS, vol. 1978, pp. 213–230. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44706-7_15
  16. Fouque, P.-A., Karpman, P., Kirchner, P., Minaud, B.: Efficient and provable white-box primitives. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part I. LNCS, vol. 10031, pp. 159–188. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_6
  17. Gérard, B., Grosso, V., Naya-Plasencia, M., Standaert, F.-X.: Block ciphers that are easier to mask: how far can we go? In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 383–399. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40349-1_22
  18. Gilbert, H., Minier, M.: A collision attack on 7 rounds of Rijndael. In: Preproceedings of Third AES Candidate Conference, pp. 230–241 (2000)
  19. Grassi, L.: Mixture differential cryptanalysis: new approaches for distinguishers and attacks on round-reduced AES. Cryptology ePrint Archive, Report 2017/832 (2017). https://eprint.iacr.org/2017/832
  20. Grassi, L., Rechberger, C., Rønjom, S.: A new structural-differential property of 5-round AES. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part II. LNCS, vol. 10211, pp. 289–317. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_10
  21. Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23951-9_22
  22. Hoang, V.T., Krovetz, T., Rogaway, P.: Robust authenticated-encryption AEZ and the problem that it solves. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I. LNCS, vol. 9056, pp. 15–44. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_2
  23. Mala, H., Dakhilalian, M., Rijmen, V., Modarres-Hashemi, M.: Improved impossible differential cryptanalysis of 7-round AES-128. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 282–291. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17401-8_20
  24. Rønjom, S., Bardeh, N.G., Helleseth, T.: Yoyo tricks with AES. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part I. LNCS, vol. 10624, pp. 217–243. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_8
  25. Tiessen, T.: Polytopic cryptanalysis. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part I. LNCS, vol. 9665, pp. 214–239. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_9
  26. Tunstall, M.: Improved “Partial Sums”-based square attack on AES. In: Samarati, P., Lou, W., Zhou, J. (eds.) SECRYPT 2012 - Proceedings of the International Conference on Security and Cryptography, Rome, Italy, 24–27 July 2012, SECRYPT is part of ICETE - The International Joint Conference on e-Business and Telecommunications, pp. 25–34. SciTePress (2012)

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  • Achiya Bar-On (1)
  • Orr Dunkelman (2)
  • Nathan Keller (1)
  • Eyal Ronen (3)
  • Adi Shamir (3)
  1. Department of Mathematics, Bar-Ilan University, Ramat Gan, Israel
  2. Computer Science Department, University of Haifa, Haifa, Israel
  3. Computer Science Department, The Weizmann Institute, Rehovot, Israel