Designs, Codes and Cryptography

Volume 87, Issue 12, pp 3001–3018

More accurate results on the provable security of AES against impossible differential cryptanalysis

  • Qian Wang
  • Chenhui Jin

Abstract

Whether there exist longer impossible differentials than the known ones for a block cipher is an important problem in the provable security evaluation of a block cipher against impossible differential cryptanalysis. In this paper, we give more accurate results for this problem for the AES. After investigating the differential properties of both the S-box and the linear layer of AES, we theoretically prove that there do not exist impossible concrete differentials longer than 4 rounds for AES, by proving that any concrete differential is possible for the 5-round AES, under the only assumption that the round keys are independent and uniformly random. We use a tool, called “(wd)-Dependent Tree (DT)”, to show how any concrete differential \(\varDelta X \rightarrow \varDelta Z\) can be connected in the middle of the 5-round AES by some DTs. Our method might shed some light on bounding the length of impossible differentials, with the differential properties of the S-boxes taken into account, for some SPN block ciphers.
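The proof sketched above rests on the differential properties of the AES S-box, that is, which concrete output differences a given nonzero input difference can produce and with what probability. The following Python is an added example, not the paper's code: it builds the S-box from its GF(2^8) inverse and affine map as specified in FIPS-197, tabulates its differential distribution table (DDT), and checks the well-known profile that every nonzero input difference reaches exactly 127 output differences, with 4/256 as the largest differential probability.

```python
# Added example, not the paper's code: build the AES S-box, tabulate its DDT
# and check the differential profile every nonzero input difference has.
def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a):
    """Multiplicative inverse in GF(2^8); AES maps 0 to 0."""
    r = 1
    for _ in range(254):  # a^254 = a^-1 for a != 0, and 0^254 = 0
        r = gf_mul(r, a)
    return r

def aes_sbox():
    """S(x) = XOR of five rotations of inv(x) with the constant 0x63 (FIPS-197)."""
    box = []
    for x in range(256):
        b = gf_inv(x)
        s = 0x63
        for i in range(5):
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF
        box.append(s)
    return box

def ddt(box):
    """table[dx][dy] = number of inputs x with box[x] ^ box[x ^ dx] == dy."""
    table = [[0] * 256 for _ in range(256)]
    for x in range(256):
        for dx in range(256):
            table[dx][box[x] ^ box[x ^ dx]] += 1
    return table

def differential_profile(table):
    """Set of reachable-output-difference counts over nonzero dx, and the max DDT entry."""
    reachable_counts = set()
    uniformity = 0
    for dx in range(1, 256):
        row = table[dx]
        reachable_counts.add(sum(1 for c in row if c))
        uniformity = max(uniformity, max(row))
    return reachable_counts, uniformity
```

A concrete S-box differential dx -> dy is possible exactly when `ddt(box)[dx][dy]` is nonzero; the returned profile `({127}, 4)` means each nonzero row holds one entry of 4, 126 entries of 2 and 129 zeros.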

Keywords

AES; Impossible differential; S-box; Dependent Tree

Mathematics Subject Classification

94A60 

Acknowledgements

We would like to thank the anonymous reviewers for their comments on this paper, which greatly simplified the proof of Lemma 1 and improved this paper, and gave us some guidance on the impact of the key schedule.

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. Information Science and Technology Institute, Zhengzhou, China