Automatic Search of Attacks on round-reduced AES and Applications

In this paper, we describe versatile and powerful algorithms for searching guess-and-determine and meet-in-the-middle attacks on byte-oriented symmetric primitives. To demonstrate the strength of these tools, we show that they allow us to automatically discover new attacks on round-reduced AES with very low data complexity, to find improved attacks on the AES-based MACs Alpha-MAC and Pelican-MAC, and also on the AES-based stream cipher LEX. Finally, the tools can be used in the context of fault attacks. These algorithms exploit the algebraically simple byte-oriented structure of the AES. When the attacks found by the tools are practical, they have been implemented and validated.
