Automatic Search of Attacks on Round-Reduced AES and Applications

  • Charles Bouillaguet
  • Patrick Derbez
  • Pierre-Alain Fouque
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6841)

Abstract

In this paper, we describe versatile and powerful algorithms for searching guess-and-determine and meet-in-the-middle attacks on byte-oriented symmetric primitives. To demonstrate the strength of these tools, we show that they allow us to automatically discover new attacks on round-reduced AES with very low data complexity, and to find improved attacks on the AES-based MACs Alpha-MAC and Pelican-MAC, and also on the AES-based stream cipher LEX. Finally, the tools can be used in the context of fault attacks. These algorithms exploit the algebraically simple byte-oriented structure of the AES. When the attacks found by the tools are practical, they have been implemented and validated.

Keywords

Block Cipher, Advanced Encryption Standard, Stream Cipher, Pruning Strategy, Fault Attack
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. Biryukov, A.: The Design of a Stream Cipher LEX. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 67–75. Springer, Heidelberg (2007)
  2. Biryukov, A.: Design of a New Stream Cipher—LEX. In: Robshaw, M.J.B., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 48–56. Springer, Heidelberg (2008)
  3. Biryukov, A., Dunkelman, O., Keller, N., Khovratovich, D., Shamir, A.: Key Recovery Attacks of Practical Complexity on AES-256 Variants with up to 10 Rounds. In: [22], pp. 299–319
  4. Biryukov, A., Khovratovich, D.: Two New Techniques of Side-Channel Cryptanalysis. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 195–208. Springer, Heidelberg (2007)
  5. Biryukov, A., Khovratovich, D.: Related-Key Cryptanalysis of the Full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1–18. Springer, Heidelberg (2009)
  6. Biryukov, A., Khovratovich, D., Nikolic, I.: Distinguisher and Related-Key Attack on the Full AES-256. In: [23], pp. 231–249
  7. Biryukov, A., Nikolic, I.: Automatic Search for Related-Key Differential Characteristics in Byte-Oriented Block Ciphers: Application to AES, Camellia, Khazad and Others. In: [22], pp. 322–344
  8. Bouillaguet, C., Derbez, P., Dunkelman, O., Keller, N., Fouque, P.A.: Low Data Complexity Attacks on AES. Cryptology ePrint Archive, Report 2010/633 (2010), http://eprint.iacr.org/
  9. Buchberger, B.: Ein Algorithmus zum Auffinden der Basiselemente des Restklassenringes nach einem nulldimensionalen Polynomideal. PhD thesis, University of Innsbruck (1965)
  10. Buchmann, J., Pyshkin, A., Weinmann, R.-P.: A Zero-Dimensional Gröbner Basis for AES-128. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 78–88. Springer, Heidelberg (2006)
  11. Cid, C.: Some Algebraic Aspects of the Advanced Encryption Standard. In: [16], pp. 58–66
  12. Cid, C., Leurent, G.: An Analysis of the XSL Algorithm. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 333–352. Springer, Heidelberg (2005)
  13. Courtois, N.T., Pieprzyk, J.: Cryptanalysis of Block Ciphers with Overdefined Systems of Equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002)
  14. Daemen, J., Rijmen, V.: A New MAC Construction ALRED and a Specific Instance ALPHA-MAC. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 1–17. Springer, Heidelberg (2005)
  15. Daemen, J., Rijmen, V.: The Pelican MAC Function. Cryptology ePrint Archive, Report 2005/088 (2005), http://eprint.iacr.org/
  16. Dobbertin, H., Rijmen, V., Sowa, A. (eds.): AES 2005. LNCS, vol. 3373. Springer, Heidelberg (2005)
  17. Dunkelman, O., Keller, N.: A New Attack on the LEX Stream Cipher. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 539–556. Springer, Heidelberg (2008)
  18. Dunkelman, O., Keller, N.: Cryptanalysis of the Stream Cipher LEX (2010), http://www.ma.huji.ac.il/~nkeller/Crypt-jour-LEX.pdf
  19. Dunkelman, O., Keller, N.: The Effects of the Omission of Last Round's MixColumns on AES. Inf. Process. Lett. 110(8-9), 304–308 (2010)
  20. Dunkelman, O., Keller, N., Shamir, A.: Improved Single-Key Attacks on 8-Round AES-192 and AES-256. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 158–176. Springer, Heidelberg (2010)
  21. Dunkelman, O., Keller, N., Shamir, A.: ALRED Blues: New Attacks on AES-based MACs. Cryptology ePrint Archive, Report 2011/095 (2011), http://eprint.iacr.org/
  22. Gilbert, H. (ed.): EUROCRYPT 2010. LNCS, vol. 6110. Springer, Heidelberg (2010)
  23. Halevi, S. (ed.): CRYPTO 2009. LNCS, vol. 5677. Springer, Heidelberg (2009)
  24. Keliher, L.: Refined Analysis of Bounds Related to Linear and Differential Cryptanalysis for the AES. In: [16], pp. 42–57
  25. Keliher, L., Meijer, H., Tavares, S.: Improving the Upper Bound on the Maximum Average Linear Hull Probability for Rijndael. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 112–128. Springer, Heidelberg (2001)
  26. Keliher, L., Meijer, H., Tavares, S.: New Method for Upper Bounding the Maximum Average Linear Hull Probability for SPNs. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 420–436. Springer, Heidelberg (2001)
  27. Khovratovich, D., Biryukov, A., Nikolic, I.: Speeding up Collision Search for Byte-Oriented Hash Functions. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 164–181. Springer, Heidelberg (2009)
  28. Monnerat, J., Vaudenay, S.: On Some Weak Extensions of AES and BES. In: López, J., Qing, S., Okamoto, E. (eds.) ICICS 2004. LNCS, vol. 3269, pp. 414–426. Springer, Heidelberg (2004)
  29. Murphy, S., Robshaw, M.J.B.: Essential Algebraic Structure within the AES. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 1–16. Springer, Heidelberg (2002)
  30. NIST: Advanced Encryption Standard (AES), FIPS 197. Technical report, NIST (November 2001)
  31. Piret, G., Quisquater, J.-J.: A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003)
  32. Yuan, Z., Wang, W., Jia, K., Xu, G., Wang, X.: New Birthday Attacks on Some MACs Based on Block Ciphers. In: [23], pp. 209–230

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Charles Bouillaguet (1)
  • Patrick Derbez (1)
  • Pierre-Alain Fouque (1)
  1. ENS, CNRS, INRIA, Paris, France