Improved impossible differential cryptanalysis of large-block Rijndael

  • Ya Liu
  • Yifan Shi
  • Dawu Gu
  • Bo Dai
  • Fengyu Zhao
  • Wei Li
  • Zhiqiang Liu
  • Zhiqiang Zeng
Research Paper

Abstract

Rijndael is a substitution-permutation network (SPN) block cipher designed for the AES development process. Its block and key sizes range from 128 to 256 bits in steps of 32 bits; a variant is denoted Rijndael-b-k, where b and k are the block and key sizes in bits, respectively. Among them, Rijndael-128-128/192/256, that is, AES, has been studied by many researchers, whereas the security of the other, large-block versions of Rijndael has been explored far less. However, large-block versions of block ciphers have attracted more attention with the rapid development of quantum computers. In this paper, we propose improved impossible differential attacks on 10-round Rijndael-256-256, 10-round Rijndael-224-256, and 9-round Rijndael-224-224 (the full ciphers have 14, 14, and 13 rounds, respectively) using precomputation tables, redundancies in the key schedules, and multiple impossible differentials. For 10-round Rijndael-256-256, the data, time, and memory complexities of our attack are approximately 2^244.4 chosen plaintexts, 2^240.1 encryptions, and 2^181.4 blocks, respectively. For 10-round Rijndael-224-256, the data, time, and memory complexities are approximately 2^214.4 chosen plaintexts, 2^241.3 encryptions, and 2^183.4 blocks, respectively. For 9-round Rijndael-224-224, the data, time, and memory complexities are approximately 2^214.4 chosen plaintexts, 2^113.4 encryptions, and 2^87.4 blocks, respectively, or 2^206.6 chosen plaintexts, 2^153.6 encryptions, and 2^111.6 blocks, respectively. To the best of our knowledge, our results are currently the best on Rijndael-256-256 and Rijndael-224-224/256.
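To make the Rijndael-b-k parametrisation concrete, the following pure-Python encryption routine is an illustration added to this page; it is not code from the paper or its authors, and the names rijndael_encrypt, num_rounds and SHIFT_OFFSETS are this example's own. It implements the Rijndael specification for every block size b and key size k in {128, 160, 192, 224, 256}: the round count is Nr = max(Nb, Nk) + 6 with Nb = b/32 and Nk = k/32, and the only component that changes with the block size is the ShiftRows offset table. The optional `rounds` argument produces the round-reduced variants that results such as "10-round Rijndael-256-256" refer to. The Nb = 4 case is checked against the AES-128 and AES-256 vectors of FIPS-197 Appendix C.

```python
"""Rijndael-b-k encryption in pure Python (illustration added to this page)."""


def _xtime(a):
    """Multiply by x in GF(2^8) modulo the Rijndael polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a


def _gmul(a, b):
    """General GF(2^8) multiplication, used by MixColumns."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r


def _build_sbox():
    """Derive the S-box: GF(2^8) inversion followed by the affine map."""
    sbox = [0] * 256
    p = q = 1                       # p walks the powers of 3, q tracks 1/p
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= q << 1                                              # q /= 3
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)        # XOR of rotations
        sbox[p] = (x ^ (x >> 8) ^ 0x63) & 0xFF
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = _build_sbox()

# ShiftRows offsets (C0..C3) per Nb = b/32; only Nb = 7 and 8 differ from AES.
SHIFT_OFFSETS = {4: (0, 1, 2, 3), 5: (0, 1, 2, 3), 6: (0, 1, 2, 3),
                 7: (0, 1, 2, 4), 8: (0, 1, 3, 4)}


def num_rounds(block_bits, key_bits):
    """Full round count Nr = max(Nb, Nk) + 6 of Rijndael-b-k."""
    return max(block_bits // 32, key_bits // 32) + 6


def _expand_key(key, nb):
    """Rijndael key schedule -> (per-round keys as lists of Nb columns, Nr)."""
    nk = len(key) // 4
    nr = max(nb, nk) + 6
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, nb * (nr + 1)):
        t = w[i - 1][:]
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord then SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        elif nk > 6 and i % nk == 4:
            t = [SBOX[b] for b in t]               # extra SubWord when Nk > 6
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return [w[r * nb:(r + 1) * nb] for r in range(nr + 1)], nr


def _sub_bytes(s):
    return [[SBOX[b] for b in col] for col in s]


def _shift_rows(s, nb):
    """Row r is rotated left by SHIFT_OFFSETS[nb][r] columns (state is column-major)."""
    off = SHIFT_OFFSETS[nb]
    return [[s[(c + off[r]) % nb][r] for r in range(4)] for c in range(nb)]


def _mix_columns(s):
    return [[_gmul(a0, 2) ^ _gmul(a1, 3) ^ a2 ^ a3,
             a0 ^ _gmul(a1, 2) ^ _gmul(a2, 3) ^ a3,
             a0 ^ a1 ^ _gmul(a2, 2) ^ _gmul(a3, 3),
             _gmul(a0, 3) ^ a1 ^ a2 ^ _gmul(a3, 2)] for a0, a1, a2, a3 in s]


def _add_round_key(s, rk):
    return [[a ^ b for a, b in zip(col, kcol)] for col, kcol in zip(s, rk)]


def rijndael_encrypt(block, key, rounds=None):
    """Encrypt one block (16..32 bytes) under a 16..32-byte key.

    `rounds` (default Nr) gives the round-reduced variants that cryptanalysis
    papers attack; as in the full cipher, the last round omits MixColumns.
    """
    nb, nk = len(block) // 4, len(key) // 4
    if len(block) % 4 or len(key) % 4 or nb not in SHIFT_OFFSETS or nk not in SHIFT_OFFSETS:
        raise ValueError("block and key sizes must be 128..256 bits in 32-bit steps")
    rks, nr = _expand_key(key, nb)
    if rounds is not None:
        if not 1 <= rounds <= nr:
            raise ValueError(f"rounds must be in 1..{nr}")
        nr = rounds
    s = _add_round_key([list(block[4 * c:4 * c + 4]) for c in range(nb)], rks[0])
    for rnd in range(1, nr):
        s = _add_round_key(_mix_columns(_shift_rows(_sub_bytes(s), nb)), rks[rnd])
    s = _add_round_key(_shift_rows(_sub_bytes(s), nb), rks[nr])
    return bytes(b for col in s for b in col)


if __name__ == "__main__":
    # FIPS-197 Appendix C.1 vector: Rijndael-128-128 (AES-128) must match.
    ct = rijndael_encrypt(bytes.fromhex("00112233445566778899aabbccddeeff"), bytes(range(16)))
    print(ct.hex())        # 69c4e0d86a7b0430d8cdb78070b4c55a
    # Rijndael-256-256 has 14 rounds; the abstract's attack targets 10 of them.
    print(num_rounds(256, 256), rijndael_encrypt(bytes(32), bytes(range(32)), rounds=10).hex())
```

Because the ShiftRows offsets for Nb = 7 and Nb = 8 differ from those of AES, byte-level difference propagation through a round, and hence the set of impossible differentials available to an attacker, has to be worked out separately for Rijndael-224 and Rijndael-256 rather than carried over from AES-128.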

Keywords

block cipher; Rijndael; precomputation tables; impossible differentials; multiple impossible differential attacks

Acknowledgements

This work was supported by National Natural Science Foundation of China (Grant Nos. 61402288, 61772129, 61601292, 61672347, 61472250), Foundation of Science and Technology on Information Assurance Laboratory (Grant No. KJ-17-008), Shanghai Natural Science Foundation (Grant Nos. 15ZR1400300, 16ZR1401100), Opening Project of the Shanghai Key Laboratory of Integrated Administration Technologies for Information Security (Grant No. AGK201703), Opening Project of the Shanghai Key Laboratory of Scalable Computing and Systems, National Cryptography Development Fund, and Fundamental Research Funds for the Central Universities.


Copyright information

© Science China Press and Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  • Ya Liu (1, 2, 3)
  • Yifan Shi (1)
  • Dawu Gu (3)
  • Bo Dai (1)
  • Fengyu Zhao (1)
  • Wei Li (4, 5, 6)
  • Zhiqiang Liu (2, 3)
  • Zhiqiang Zeng (7)

  1. Engineering Research Center of Optical Instrument and System, Ministry of Education, Shanghai Key Lab of Modern Optical System, University of Shanghai for Science and Technology, Shanghai, China
  2. State Key Laboratory of Cryptology, Beijing 100878, China
  3. Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China
  4. School of Computer Science and Technology, Donghua University, Shanghai, China
  5. Shanghai Key Laboratory of Scalable Computing and Systems, Shanghai, China
  6. Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, Shanghai, China
  7. Science and Technology on Information Assurance Laboratory, Beijing, China