Abstract
The block cipher MARS has been designed by a team from IBM and became one of the five finalists for the AES. A unique feature is the usage of two entirely different round function types. The ”wrapper rounds” are unkeyed, while the key schedule for the ”core rounds” is a slow and complex one, much more demanding then, e.g., the key schedule for the AES. Each core round employs a 62-bit round key. The best attack published so far [KKS00] was applicable to 11 core rounds, and succeeded in recovering some 163 round key bits. But neither did it deal with inverting the key schedule, nor did it provide any other means to recover the remaining 519 round key bits in usage.
Our attack applies to 12 core rounds, needs 2252 operations, 265 chosen plaintexts and 269 memory cells. After recovering a limited number of cipher key bits, we deal with the inverse key-schedule to recover the original encryption key. This allows the attacker to easily generate all the round keys in the full.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Burwick, C., Coppersmith, D., D’Avignon, E., Gennaro, R., Halevi, S., Jutla, C., Matyas Jr., S.M., O’Connor, L., Peyravian, M., Stafford, D., Zunic, N.: MARS - A Candidate Cipher for AES. NIST AES Proposal (1999)
Biham, E., Furman, V.: Impossible differential on 8-round mars’ core. In: 3rd AES Candidate Conference, pp. 186–194 (2000)
Biryukov, A., Khovratovich, D.: Related-Key Cryptanalysis of the Full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1–18. Springer, Heidelberg (2009)
Biryukov, A., Khovratovich, D.: Feasible Attack on the 13-round AES-256. Cryptology ePrint Archive, Report 2010/257 (2010), http://eprint.iacr.org/
Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. In: Menezes and Vanstone [MV91], pp. 2–21
Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, Heidelberg (1993)
Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer, Heidelberg (2002)
Hoang, V.T., Rogaway, P.: On generalized feistel networks (2010), http://eprint.iacr.org/2010/301
Kelsey, J., Kohno, T., Schneier, B.: Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 75–93. Springer, Heidelberg (2001)
Kelsey, J., Schneier, B.: MARS Attacks! Preliminary Cryptanalysis of Reduced-Round MARS Variants. In: 3rd AES Candidate Conference, pp. 169–185 (2000)
Menezes, A., Vanstone, S.A. (eds.): CRYPTO 1990. LNCS, vol. 537. Springer, Heidelberg (1991)
NIST. A Request for Candidate Algorithm Nominations for the AES (2000), http://www.nist.gov/aes/
Pestunov, A.: Differential Cryptanalysis of the MARS Block Cipher. Prikladnaya Diskretnaya Matematika, pp. 56–63 (2009), http://mi.mathnet.ru/pdm157
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gorski, M., Knapke, T., List, E., Lucks, S., Wenzel, J. (2011). Mars Attacks! Revisited:. In: Bernstein, D.J., Chatterjee, S. (eds) Progress in Cryptology – INDOCRYPT 2011. INDOCRYPT 2011. Lecture Notes in Computer Science, vol 7107. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25578-6_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-25578-6_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25577-9
Online ISBN: 978-3-642-25578-6
eBook Packages: Computer ScienceComputer Science (R0)