MixColumns Properties and Attacks on (Round-Reduced) AES with a Single Secret S-Box

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10808)

Abstract

In this paper, we present new key-recovery attacks on AES with a single secret S-Box. Several attacks for this model have been proposed in the literature, the most recent ones at Crypto’16 and FSE’17. Both these attacks exploit a particular property of the MixColumns matrix to recover the secret key.

In this work, we show that the same attacks work by exploiting a weaker property of the MixColumns matrix. As a first result, this allows us to (largely) increase the number of MixColumns matrices for which it is possible to set up all these attacks. As a second result, we present new attacks on 5-round AES with a single secret S-Box that exploit the new multiple-of-n property recently proposed at Eurocrypt’17. This property is based on the fact that, for a particular choice of the set of plaintexts, the number of pairs of ciphertexts that lie in a particular subspace is a multiple of n.

Keywords

AES, MixColumns, Key-recovery attack, Secret S-Box

Acknowledgements

The author thanks Christian Rechberger for fruitful discussions and comments that helped to improve the quality of the paper.

References

1. CAESAR: Competition for Authenticated Encryption: Security, Applicability, and Robustness. http://competitions.cr.yp.to/caesar.html
2. Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12–23. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_2
3. Biham, E., Keller, N.: Cryptanalysis of reduced variants of Rijndael (2001). http://csrc.nist.gov/archive/aes/round2/conf3/papers/35-ebiham.pdf
4. Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, Heidelberg (1993). https://doi.org/10.1007/978-1-4613-9314-6
5. Biryukov, A., Bouillaguet, C., Khovratovich, D.: Cryptographic schemes based on the ASASA structure: black-box, white-box, and public-key (extended abstract). In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 63–84. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_4
6. Biryukov, A., Shamir, A.: Structural cryptanalysis of SASAS. J. Cryptol. 23(4), 505–518 (2010)
7. Blondeau, C., Leander, G., Nyberg, K.: Differential-linear cryptanalysis revisited. J. Cryptol. 30(3), 859–888 (2017)
8. Bogdanov, A., Rijmen, V.: Linear hulls with correlation zero and linear cryptanalysis of block ciphers. Des. Codes Crypt. 70(3), 369–383 (2014)
9. Borghoff, J., Knudsen, L.R., Leander, G., Thomsen, S.S.: Cryptanalysis of PRESENT-like ciphers with secret S-boxes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 270–289. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21702-9_16
10. Cid, C., Murphy, S., Robshaw, M.J.B.: Small scale variants of the AES. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 145–162. Springer, Heidelberg (2005). https://doi.org/10.1007/11502760_10
11. Daemen, J., Knudsen, L., Rijmen, V.: The block cipher Square. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052343
12. Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer, Heidelberg (2002). https://doi.org/10.1007/978-3-662-04722-4
13.
14. Gilbert, H., Chauvaud, P.: A chosen plaintext attack of the 16-round Khufu cryptosystem. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 359–368. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_33
15. Grassi, L.: MixColumns properties and attacks on (round-reduced) AES with a single secret S-box. Cryptology ePrint Archive, Report 2017/1200 (2017)
16. Grassi, L., Rechberger, C., Rønjom, S.: A new structural-differential property of 5-round AES. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 289–317. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_10
17. Grassi, L., Rechberger, C., Rønjom, S.: Subspace trail cryptanalysis and its applications to AES. IACR Trans. Symmetric Cryptol. 2016(2), 192–225 (2017). http://ojs.ub.rub.de/index.php/ToSC/article/view/571
18. Knudsen, L.R.: DEAL - a 128-bit block cipher. Technical report 151, University of Bergen, Norway, Department of Informatics (1998)
19. Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_33
20. Mennink, B., Neves, S.: Optimal PRFs from blockcipher designs. IACR Trans. Symmetric Cryptol. 2017(3), 228–252 (2017)
21. Sun, B., Liu, M., Guo, J., Qu, L., Rijmen, V.: New insights on AES-like SPN ciphers. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 605–624. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_22
22. Tiessen, T., Knudsen, L.R., Kölbl, S., Lauridsen, M.M.: Security of the AES with a secret S-box. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 175–189. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48116-5_9
23. Vaudenay, S.: On the weak keys of Blowfish. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 27–32. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-60865-6_39
24. Wu, H., Preneel, B.: A Fast Authenticated Encryption Algorithm. http://competitions.cr.yp.to/round1/aegisv11.pdf

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

1. IAIK, Graz University of Technology, Graz, Austria
