AES Variants Secure against Related-Key Differential and Boomerang Attacks
In this paper, we present a framework for protection against the recent related-key differential and boomerang attacks on AES by Biryukov et al. Then we study an alternative AES key schedule proposed by May et al. at ACISP 2002 as a possible candidate to protect against these related key attacks. We find that there exist equivalent keys for this key schedule and in response, we propose an improvement to overcome this weakness. We proceed to prove, using our framework, that our improved May et al.’s key schedule is secure against related-key differential and boomerang attacks. Since May et al.’s key schedule is not on-the-fly (which is a requirement for some hardware implementations), we propose an on-the-fly AES key schedule that is resistant against related-key differential and boomerang attacks.
KeywordsRelated-key attacks differential cryptanalysis boomerang attacks AES key schedule
- 1.Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398–409. Springer, Heidelberg (1994)Google Scholar
- 5.Biryukov, A., Dunkelman, O., Keller, N., Khovratovich, D., Shamir, A.: Key Recovery Attacks of Practical Complexity on AES Variant with Up To 10 Rounds, IACR eprint server, 2009/374 (July 2009), http://eprint.iacr.org/2009/374
- 8.Daemen, J., Rijmen, V.: Rijndael. In: First Advanced Encryption Standard Conference (August 1998), http://csrc.nist.gov/encryption/aes/
- 10.Kim, J., Hong, S., Preneel, B., Biham, E., Dunkelman, O., Keller, N.: Related-Key Boomerang and Rectangle Attacks, IACR eprint server, 2010/019 (January 2010), http://eprint.iacr.org/2010/019
- 14.Virtual Silicon Inc. 0.18 μm VIP Standard Cell Library Tape Out Ready, Part Number: UMCL18G212T3, Process: UMC Logic 0.18 μm Generic II Technology: 0.18μm (July 2004)Google Scholar