Abstract
In this paper, we re-evaluate the security bound of full-round AES against biclique attacks. Under some reasonable restrictions, we exhaustively analyze the most promising class of biclique cryptanalysis as applied to AES through a computer-assisted search and find the attacks with the lowest computational and data complexities:
- Among the attacks with the minimal data complexity of the unicity distance, the ones with computational complexity \(2^{126.67}\) (for AES-128), \(2^{190.9}\) (for AES-192) and \(2^{255}\) (for AES-256) are the fastest. Each attack requires only 2 (for AES-128 and AES-192) or 3 (for AES-256) known plaintexts for success probability 1. We obtain these results using the improved biclique attack proposed at Crypto'13.
- Among the attacks with data complexity less than the full codebook, for AES-128 the ones with computational complexity \(2^{126.16}\) are the fastest. Within these, the one with data complexity \(2^{64}\) requires the least data. Thus the original attack (with data complexity \(2^{88}\)) did not have the optimal data complexity for AES-128. The same holds for AES-192 (data complexity \(2^{48}\) against \(2^{80}\) in the original attack). For AES-256, we find an attack with computational complexity \(2^{254.31}\), lower than the original attack's \(2^{254.42}\).
- Among all the attacks covered, the ones with computational complexity \(2^{125.56}\) (for AES-128), \(2^{189.51}\) (for AES-192) and \(2^{253.87}\) (for AES-256) are the fastest, though they require the full codebook. This can be taken as an indication of the limitations of the independent biclique approach as applied to AES.
Keywords
- Block ciphers
- Biclique cryptanalysis
- Meet-in-the-middle
- Key recovery
- Stars
- AES-128
- Minimum data complexity
Notes
1. Such trails do not collapse into a single active byte in any of the key states.
2. Such trails do not collapse into a single active byte or two active bytes in any of the key states.
3. Here we consider double (\(i_1, i_2\)) as well as triple (\(i_1, i_2, i_3\)) difference injection in the \(i\)-trail, such that every (\(i_1, i_2\)) column has one zero byte, and every (\(i_1, i_2, i_3\)) column has two zero bytes, after applying \(MixColumns^{-1}\).
4. One complete evaluation of AES-128, AES-192 and AES-256 corresponds to 200, 224 and 276 S-boxes respectively (the SubBytes of every round plus the SubWord calls of the key schedule).
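Notes 3 and 4 state structural facts about AES that biclique cost accounting rests on. The following Python is an added illustration, not code from the paper: it derives the S-box counts of note 4 from the AES round and key-schedule structure (FIPS-197), and for note 3 enumerates the two- and three-byte column differences that \(MixColumns^{-1}\) maps to a column with exactly one (resp. two) zero bytes, using the fact that the InvMixColumns matrix is MDS so the solution set is a one-dimensional subspace. The InvMixColumns coefficients are the FIPS-197 ones; the function names and the example positions \((0,1)\) and \((0,1,3)\) are this example's own choices.

```python
from itertools import combinations

# Added example (not from the paper): structural AES counts used in
# biclique cost accounting. Matrix coefficients from FIPS-197 Sec. 5.3.3;
# function names and the sample byte positions are this example's own.


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


# InvMixColumns: circulant matrix over (0e 0b 0d 09), FIPS-197 Sec. 5.3.3
INV_MC = [[0x0E, 0x0B, 0x0D, 0x09],
          [0x09, 0x0E, 0x0B, 0x0D],
          [0x0D, 0x09, 0x0E, 0x0B],
          [0x0B, 0x0D, 0x09, 0x0E]]


def inv_mix_column(col):
    """Apply InvMixColumns to one 4-byte column."""
    out = []
    for row in INV_MC:
        acc = 0
        for coef, byte in zip(row, col):
            acc ^= gf_mul(coef, byte)
        out.append(acc)
    return out


def gf_det(m):
    """Determinant over GF(2^8) by Laplace expansion (signs vanish in char 2)."""
    if len(m) == 1:
        return m[0][0]
    d = 0
    for c in range(len(m)):
        minor = [row[:c] + row[c + 1:] for row in m[1:]]
        d ^= gf_mul(m[0][c], gf_det(minor))
    return d


def all_minors_nonzero():
    """MDS property of InvMixColumns: every square minor is nonsingular, so a
    difference active in k input bytes can cancel at most k-1 output bytes."""
    for k in (1, 2, 3, 4):
        for rows in combinations(range(4), k):
            for cols in combinations(range(4), k):
                if gf_det([[INV_MC[r][c] for c in cols] for r in rows]) == 0:
                    return False
    return True


def kernel_vector(zero_rows, active):
    """Spanning vector of the kernel of the (k-1) x k submatrix INV_MC[zero_rows, active].
    Its entries are the maximal minors (cofactor construction); because the
    matrix is MDS every entry is non-zero."""
    sub = [[INV_MC[r][c] for c in active] for r in zero_rows]
    return [gf_det([row[:t] + row[t + 1:] for row in sub]) for t in range(len(active))]


def sparse_key_differences(active, zero_rows):
    """All non-zero column differences supported exactly on byte positions
    `active` whose InvMixColumns image is zero exactly on rows `zero_rows`
    (note 3: two active bytes -> one zero byte, three -> two zero bytes).
    The solutions are the 255 non-zero scalar multiples of the kernel vector."""
    assert len(active) == len(zero_rows) + 1
    v = kernel_vector(zero_rows, active)
    result = []
    for lam in range(1, 256):
        col = [0, 0, 0, 0]
        for pos, vt in zip(active, v):
            col[pos] = gf_mul(lam, vt)
        result.append(col)
    return result


def zero_positions(col):
    """Rows of InvMixColumns(col) that are zero."""
    return tuple(i for i, b in enumerate(inv_mix_column(col)) if b == 0)


def sbox_count(key_bits):
    """S-box evaluations in one full AES encryption: SubBytes in every round
    plus the SubWord calls of the key expansion (note 4: 200, 224, 276)."""
    nk = key_bits // 32            # key length in words (4, 6, 8)
    nr = nk + 6                    # number of rounds (10, 12, 14)
    round_sboxes = 16 * nr         # 16 S-boxes per round, last round included
    total_words = 4 * (nr + 1)     # expanded-key words
    # SubWord runs when i % nk == 0; for AES-256 also when i % nk == 4
    subword = sum(1 for i in range(nk, total_words)
                  if i % nk == 0 or (nk > 6 and i % nk == 4))
    return round_sboxes + 4 * subword


if __name__ == "__main__":
    for bits in (128, 192, 256):
        print(f"AES-{bits}: {sbox_count(bits)} S-boxes per encryption")
    pairs = sparse_key_differences((0, 1), (2,))
    print(f"{len(pairs)} two-byte differences at (0,1) with a zero at row 2, e.g. {pairs[0]}")
    triples = sparse_key_differences((0, 1, 3), (1, 2))
    print(f"{len(triples)} three-byte differences at (0,1,3) with zeros at rows 1,2")
```

Because the MDS bound forbids a two-byte input difference from producing two zero output bytes, "one zero byte" in note 3 is the sparsest achievable case, and the enumeration above shows that each choice of active positions and zero row admits exactly 255 such differences.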
5. In [8], the attack complexity for AES-128 is given as \(2^{125.69}\), but we could not validate it. Our analysis estimates this complexity to be \(2^{125.98}\).
References
Abed, F., Forler, C., List, E., Lucks, S., Wenzel, J.: A framework for automated independent-biclique cryptanalysis. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 561–582. Springer, Heidelberg (2014)
Aoki, K., Sasaki, Y.: Preimage attacks on one-block MD4, 63-step MD5 and more. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 103–119. Springer, Heidelberg (2009)
Aoki, K., Sasaki, Y.: Meet-in-the-middle preimage attacks against reduced SHA-0 and SHA-1. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 70–89. Springer, Heidelberg (2009)
Bogdanov, A., Kavun, E.B., Paar, C., Rechberger, C., Yalcin, T.: Better than brute-force optimized hardware architecture for efficient biclique attacks on AES-128. In: SHARCS 2012 - Special-Purpose Hardware for Attacking Cryptographic Systems, Washington D.C., USA, March 2012
Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 344–371. Springer, Heidelberg (2011)
Bogdanov, A., Rechberger, C.: A 3-subset meet-in-the-middle attack: cryptanalysis of the lightweight block cipher KTANTAN. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 229–240. Springer, Heidelberg (2011)
Bouillaguet, C., Derbez, P., Fouque, P.-A.: Automatic search of attacks on round-reduced AES and applications. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 169–187. Springer, Heidelberg (2011)
Canteaut, A., Naya-Plasencia, M., Vayssière, B.: Sieve-in-the-middle: improved MITM attacks (full version). Cryptology ePrint Archive, report 2013/324 (2013). http://eprint.iacr.org/2013/324
Chaum, D., Evertse, J.-H.: Cryptanalysis of DES with a reduced number of rounds: sequences of linear factors in block ciphers. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 192–211. Springer, Heidelberg (1985)
Daemen, J., Rijmen, V.: The design of Rijndael: AES - the Advanced Encryption Standard. Information Security and Cryptography. Springer, Heidelberg (2002)
Guo, J., Ling, S., Rechberger, C., Wang, H.: Advanced meet-in-the-middle preimage attacks: first results on full Tiger, and improved results on MD4 and SHA-2. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 56–75. Springer, Heidelberg (2010)
Isobe, T.: A single-key attack on the full GOST block cipher. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 290–305. Springer, Heidelberg (2011)
Khovratovich, D., Leurent, G., Rechberger, C.: Narrow-bicliques: cryptanalysis of full IDEA. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 392–410. Springer, Heidelberg (2012)
Khovratovich, D., Rechberger, C., Savelieva, A.: Bicliques for preimages: attacks on Skein-512 and the SHA-2 family. Cryptology ePrint Archive, report 2011/286 (2011). http://eprint.iacr.org/2011/286
Sasaki, Y., Aoki, K.: Finding preimages in full MD5 faster than exhaustive search. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 134–152. Springer, Heidelberg (2009)
© 2015 Springer International Publishing Switzerland
Cite this paper
Bogdanov, A., Chang, D., Ghosh, M., Sanadhya, S.K. (2015). Bicliques with Minimal Data and Time Complexity for AES. In: Lee, J., Kim, J. (eds.) Information Security and Cryptology - ICISC 2014. Lecture Notes in Computer Science, vol. 8949. Springer, Cham. https://doi.org/10.1007/978-3-319-15943-0_10
DOI: https://doi.org/10.1007/978-3-319-15943-0_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-15942-3
Online ISBN: 978-3-319-15943-0