Improved Linear Cryptanalysis of Round-Reduced ARIA

ARIA is an iterated SPN block cipher developed by a group of Korean cryptographers in 2003, established as a Korean standard in 2004 and added to the Transport Layer Security (TLS) supported cipher suites in 2011. It encrypts 128-bit blocks with a 128-, 192-, or 256-bit key. In this paper, we revisit the security of round-reduced ARIA against linear cryptanalysis and present a 5-round linear hull using the correlation matrix approach to launch the first 8-round key recovery attack on ARIA-128 and improve the 9- and 11-round attacks on ARIA-192/256, respectively, by including the post-whitening key. Furthermore, in all our attacks, we manage to recover the secret master key. The (data in known plaintexts, time in round-reduced encryption operations, memory in 128-bit blocks) complexities of our attacks are (\(2^{122.61}\), \(2^{123.48}\), \(2^{119.94}\)), (\(2^{122.99}\), \(2^{154.83}\), \(2^{159.94}\)), and (\(2^{123.53}\), \(2^{238.13}\), \(2^{239.95}\)) for ARIA-128, ARIA-192, and ARIA-256, respectively.
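The correlation-matrix approach and the linear-hull summation named in the abstract, worked through on a toy 8-bit SPN. This is an added example, not code from the paper: it substitutes the 4-bit PRESENT S-box for ARIA's 8-bit S-boxes, a bit-reversal permutation for the linear layer, and constructed round keys, all of which are assumptions made for illustration. It verifies that the hull correlation obtained by multiplying per-layer correlation matrices equals the exhaustively computed correlation, and shows that a hull can contain several trails whose signed contributions differ from the single dominant trail.

```python
"""Correlation-matrix view of linear cryptanalysis on a toy 8-bit SPN.

Added example, not the paper's code. It checks two facts the paper builds on:
the correlation matrix of a composed map is the product of the per-layer
matrices, and a linear hull is the key-signed sum over all of its trails.
"""
import math

# 4-bit S-box standing in for ARIA's 8-bit S-boxes (this is the PRESENT S-box,
# chosen only because its 16x16 correlation matrix is tiny).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
# Toy linear layer: output bit j is input bit PERM[j] (8-bit bit reversal).
PERM = [7, 6, 5, 4, 3, 2, 1, 0]
# Constructed round keys for the three key additions (an assumption, not ARIA's schedule).
KEYS = (0x3A, 0xC5, 0x9E)


def parity(x):
    return bin(x).count("1") & 1


def sbox_correlation(a, b):
    """c(a -> b) = 2^-4 * sum_x (-1)^(a.x XOR b.S(x)) for one 4-bit S-box."""
    acc = sum(1 if parity(a & x) == parity(b & SBOX[x]) else -1 for x in range(16))
    return acc / 16


# Precomputed 16x16 correlation matrix of the S-box: C4[input mask][output mask].
C4 = [[sbox_correlation(a, b) for b in range(16)] for a in range(16)]


def layer_correlation(u, v):
    """Two parallel S-boxes: the correlation is the product of the nibble correlations."""
    return C4[u & 0xF][v & 0xF] * C4[u >> 4][v >> 4]


def sbox_layer(x):
    return SBOX[x & 0xF] | (SBOX[x >> 4] << 4)


def permute(x):
    """Apply PERM to the bits of x; the same map carries a mask across the layer."""
    return sum(((x >> PERM[j]) & 1) << j for j in range(8))


def encrypt(x, keys=KEYS):
    """Toy 2-round SPN: S(P(S(x ^ k0)) ^ k1) ^ k2."""
    k0, k1, k2 = keys
    return sbox_layer(permute(sbox_layer(x ^ k0)) ^ k1) ^ k2


def brute_force_correlation(a, b, keys=KEYS):
    """Exact correlation of input mask a with output mask b over all 256 plaintexts."""
    acc = sum(1 if parity(a & x) == parity(b & encrypt(x, keys)) else -1 for x in range(256))
    return acc / 256


def hull_trails(a, b, keys=KEYS):
    """All nonzero trails a -> u -> P(u) -> b, each with its key-signed correlation.

    Key addition is a diagonal correlation matrix with entries (-1)^(mask . key),
    so it only flips the sign of a trail; S-box and permutation layers supply
    the remaining matrix entries.
    """
    k0, k1, k2 = keys
    outer_sign = -1 if parity(a & k0) ^ parity(b & k2) else 1
    trails = []
    for u in range(256):
        v = permute(u)
        c = layer_correlation(a, u) * layer_correlation(v, b)
        if c != 0:
            inner_sign = -1 if parity(v & k1) else 1
            trails.append((u, outer_sign * inner_sign * c))
    return trails


def hull_correlation(a, b, keys=KEYS):
    """The (a, b) entry of the product of per-layer correlation matrices: the trail sum."""
    return sum(c for _, c in hull_trails(a, b, keys))


def dominant_trail(a, b, keys=KEYS):
    """The single trail with the largest absolute correlation (what a one-trail analysis reports)."""
    return max(hull_trails(a, b, keys), key=lambda t: abs(t[1]), default=(None, 0.0))


def hull_matches_brute_force(a, b, keys=KEYS):
    """Correlations here are dyadic fractions, so a tight tolerance suffices."""
    return math.isclose(hull_correlation(a, b, keys), brute_force_correlation(a, b, keys), abs_tol=1e-9)


def find_multi_trail_hull(keys=KEYS):
    """First (a, b) with a low-nibble input mask and a high-nibble output mask whose hull
    has more than one trail (by Parseval's relation such a pair must exist)."""
    for a in range(1, 16):
        for b in range(16, 256, 16):
            if len(hull_trails(a, b, keys)) > 1:
                return a, b
    return None


def main():
    a, b = find_multi_trail_hull()
    u, best = dominant_trail(a, b)
    print(f"masks a={a:#04x} b={b:#04x}: {len(hull_trails(a, b))} trails in the hull")
    print(f"brute force {brute_force_correlation(a, b):+.5f}, hull {hull_correlation(a, b):+.5f}, "
          f"dominant trail via u={u:#04x}: {best:+.5f}")


if __name__ == "__main__":
    main()
```

Because the key additions are monomial matrices, the hull sum over 256 intermediate masks already is the full matrix product; for a real cipher such as ARIA the same identity holds, but the 2^128 intermediate masks make exhaustive summation impossible, which is why the paper restricts to a hull built from the strongest trails.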
