论文信息 - The effects of the omission of last round's MixColumns on AES

The effects of the omission of last round's MixColumns on AES

The Advanced Encryption Standard (AES) is the most widely deployed block cipher. It follows the modern iterated block cipher approach, iterating a simple round function multiple times. The last round of AES slightly differs from the others, as a linear mixing operation (called MixColumns) is omitted from it. Following a statement of the designers, it is widely believed that the omission of the last round MixColumns has no security implications. As a result, the majority of attacks on reduced-round variants of AES assume that the last round of the reduced-round version is free of the MixColumns operation. In this letter we challenge this belief, showing evidence that the omission of MixColumns affects the security of (reduced-round) AES. First, we consider a simple example of 1-round AES, where we show that the omission reduces the time complexity of an attack with a single known plaintext from 2^4^8 to 2^1^6. Then, we examine several previously known attacks on 7-round AES-192 and show that the omission reduces their time complexities by a factor of 2^1^6.

Orr Dunkelman | Nathan Keller | O. Dunkelman | Nathan Keller

[1] Peng Zhang,et al. New Impossible Differential Cryptanalysis of ARIA , 2008, IACR Cryptol. ePrint Arch..

[2] Alex Biryukov,et al. Related-Key Cryptanalysis of the Full AES-192 and AES-256 , 2009, ASIACRYPT.

[3] Vincent Rijmen,et al. Low-Data Complexity Attacks on AES , 2012, IEEE Transactions on Information Theory.

[4] Raphael C.-W. Phan,et al. Impossible differential cryptanalysis of 7-round Advanced Encryption Standard (AES) , 2004, Inf. Process. Lett..

[5] Dengguo Feng,et al. New Results on Impossible Differential Cryptanalysis of Reduced AES , 2007, ICISC.

[6] Vincent Rijmen,et al. The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[7] Bruce Schneier,et al. Improved Cryptanalysis of Rijndael , 2000, FSE.

[8] Marine Minier,et al. A Collision Attack on 7 Rounds of Rijndael , 2000, AES Candidate Conference.

[9] Stefan Lucks,et al. Western European Workshop on Research in Cryptology , 2005 .

[10] Stefan Lucks,et al. Attacking Seven Rounds of Rijndael under 192-bit and 256-bit Keys , 2000, AES Candidate Conference.

[11] Ali Aydin Selçuk,et al. A Meet-in-the-Middle Attack on 8-Round AES , 2008, FSE.

[12] Jongsung Kim,et al. New Impossible Differential Attacks on AES , 2008, INDOCRYPT.