AES Variants Secure against Related-Key Differential and Boomerang Attacks

  • Jiali Choy
  • Aileen Zhang
  • Khoongming Khoo
  • Matt Henricksen
  • Axel Poschmann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6633)


In this paper, we present a framework for protection against the recent related-key differential and boomerang attacks on AES by Biryukov et al. Then we study an alternative AES key schedule proposed by May et al. at ACISP 2002 as a possible candidate to protect against these related key attacks. We find that there exist equivalent keys for this key schedule and in response, we propose an improvement to overcome this weakness. We proceed to prove, using our framework, that our improved May et al.’s key schedule is secure against related-key differential and boomerang attacks. Since May et al.’s key schedule is not on-the-fly (which is a requirement for some hardware implementations), we propose an on-the-fly AES key schedule that is resistant against related-key differential and boomerang attacks.


Related-key attacks differential cryptanalysis boomerang attacks AES key schedule 


  1. 1.
    Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398–409. Springer, Heidelberg (1994)Google Scholar
  2. 2.
    Biham, E., Dunkelman, O., Keller, N.: Related-Key Boomerang and Rectangle Attacks. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 507–525. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Biryukov, A., Khovratovich, D.: Related-Key Cryptanalysis of the Full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1–18. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  4. 4.
    Biryukov, A., Khovratovich, D., Nikolić, I.: Distinguisher and Related-Key Attack on the Full AES-256. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 231–249. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  5. 5.
    Biryukov, A., Dunkelman, O., Keller, N., Khovratovich, D., Shamir, A.: Key Recovery Attacks of Practical Complexity on AES Variant with Up To 10 Rounds, IACR eprint server, 2009/374 (July 2009),
  6. 6.
    Biryukov, A., Wagner, D.: Slide attacks. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 245–259. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  7. 7.
    Biryukov, A., Wagner, D.: Advanced Slide Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 589–606. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  8. 8.
    Daemen, J., Rijmen, V.: Rijndael. In: First Advanced Encryption Standard Conference (August 1998),
  9. 9.
    Ferguson, N., Kelsey, J., Lucks, S., Schneier, B., Stay, M., Wagner, D., Whiting, D.: Improved Cryptanalysis of Rijndael. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 213–230. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Kim, J., Hong, S., Preneel, B., Biham, E., Dunkelman, O., Keller, N.: Related-Key Boomerang and Rectangle Attacks, IACR eprint server, 2010/019 (January 2010),
  11. 11.
    May, L., Henricksen, M., Millan, W., Carter, G., Dawson, E.: Strengthening the Key Schedule of the AES. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 226–240. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    Pramstaller, N., Mangard, S., Dominikus, S., Wolkerstorfer, J.: Efficient AES Implementations on ASICs and FPGAs. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2005. LNCS, vol. 3373, pp. 98–112. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Satoh, A., Morioka, S., Munetoh, S.: A Compact Rijndael Hardware Architecture with S-Box Optimization. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 239–254. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Virtual Silicon Inc. 0.18 μm VIP Standard Cell Library Tape Out Ready, Part Number: UMCL18G212T3, Process: UMC Logic 0.18 μm Generic II Technology: 0.18μm (July 2004)Google Scholar
  15. 15.
    Wagner, D.: The Boomerang Attack. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156–170. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  16. 16.
    Wu, H.: Related-Cipher Attacks. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 447–455. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Jiali Choy
    • 1
  • Aileen Zhang
    • 1
  • Khoongming Khoo
    • 1
  • Matt Henricksen
    • 2
  • Axel Poschmann
    • 3
  1. 1.DSO National LaboratoriesSingapore
  2. 2.Institute for Infocomm ResearchA*STARSingapore
  3. 3.Division of Mathematical Sciences, School of Physical and Mathematical SciencesNanyang Technological UniversitySingapore

Personalised recommendations