More accurate results on the provable security of AES against impossible differential cryptanalysis

Whether there exist impossible differentials longer than the known ones for a given block cipher is an important problem in the provable-security evaluation of that cipher against impossible differential cryptanalysis. In this paper we give more accurate results for this problem for the AES. After investigating the differential properties of both the S-box and the linear layer of AES, we prove that no impossible concrete differential exists over more than 4 rounds of AES, by showing that every concrete differential is possible for the 5-round AES under the sole assumption that the round keys are independent and uniformly random. We use a tool, called the “(w, d)-Dependent Tree (DT)”, to show how any concrete differential $$\varDelta X \rightarrow \varDelta Z$$ can be connected in the middle of the 5-round AES by some DTs. Our method may shed some light on bounding the length of impossible differentials for other SPN block ciphers when the differential properties of their S-boxes are taken into account.
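The two ingredients the abstract relies on are the difference distribution table (DDT) of the AES S-box and the differential branch number of MixColumns. The script below is an added example, not code from the paper or from any AES implementation; the function names are my own. It rebuilds the S-box from the field inverse and the affine map, computes its DDT, and checks the branch number of MixColumns through the MDS criterion (every square submatrix of the MixColumns matrix is non-singular, which is equivalent to the code generated by [I | M] being MDS and hence to a branch number of 5). The 5-round possibility result itself is the paper's theorem and is not reproduced here; the script only verifies the component properties that feed into it.

```python
"""Differential properties of the AES S-box and MixColumns.

Added example (not from the paper): reproduces the S-box DDT profile and the
MixColumns branch number that the abstract's argument builds on.
"""
from itertools import combinations

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the Rijndael field polynomial


def gf_mul(a, b):
    """Multiply two elements of GF(2^8) modulo the Rijndael polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_pow(a, e):
    """Square-and-multiply exponentiation in GF(2^8)."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def gf_inv(a):
    """Multiplicative inverse; 0 maps to 0 exactly as in the AES S-box."""
    return 0 if a == 0 else gf_pow(a, 254)  # a^(2^8 - 2) = a^(-1)


def aes_sbox():
    """S(x) = A * x^(-1) + 0x63, with A the standard AES affine map."""
    box = []
    for x in range(256):
        inv = gf_inv(x)
        s = inv
        for k in range(1, 5):  # A(v) = v ^ rotl(v,1) ^ rotl(v,2) ^ rotl(v,3) ^ rotl(v,4)
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        box.append(s ^ 0x63)
    return box


def ddt(box):
    """Difference distribution table: t[a][b] = #{x : S(x) ^ S(x ^ a) = b}."""
    t = [[0] * 256 for _ in range(256)]
    for x in range(256):
        for a in range(256):
            t[a][box[x] ^ box[x ^ a]] += 1
    return t


def sbox_row_profile(t, a):
    """(largest entry, number of reachable output differences) for input difference a.

    For the AES S-box every nonzero row has one entry of 4 and 126 entries of 2,
    so 127 of the 255 nonzero output differences are reachable and 128 are not.
    """
    row = t[a]
    return max(row), sum(1 for v in row if v)


# MixColumns as a 4x4 matrix over GF(2^8) (circulant of 02 03 01 01).
MIX_COLUMNS = [
    [2, 3, 1, 1],
    [1, 2, 3, 1],
    [1, 1, 2, 3],
    [3, 1, 1, 2],
]


def mix_column(col):
    """Apply MixColumns to one column (a list of four bytes)."""
    out = []
    for row in MIX_COLUMNS:
        v = 0
        for coef, byte in zip(row, col):
            v ^= gf_mul(coef, byte)
        out.append(v)
    return out


def gf_det(m):
    """Determinant over GF(2^8) by cofactor expansion (characteristic 2: no signs)."""
    if len(m) == 1:
        return m[0][0]
    d = 0
    for j in range(len(m)):
        minor = [r[:j] + r[j + 1:] for r in m[1:]]
        d ^= gf_mul(m[0][j], gf_det(minor))
    return d


def is_mds(m):
    """True iff every square submatrix of m is non-singular over GF(2^8).

    That is the MDS criterion for the code generated by [I | m], and the
    differential branch number of a linear map equals that code's minimum
    distance, so is_mds(m) == True means branch number len(m) + 1.
    """
    n = len(m)
    for k in range(1, n + 1):
        for rows in combinations(range(n), k):
            for cols in combinations(range(n), k):
                sub = [[m[r][c] for c in cols] for r in rows]
                if gf_det(sub) == 0:
                    return False
    return True


def byte_weight(col):
    """Number of non-zero bytes in a column (the metric the branch number counts)."""
    return sum(1 for b in col if b)


if __name__ == "__main__":
    box = aes_sbox()
    t = ddt(box)
    print("S-box row profile for input difference 0x01:", sbox_row_profile(t, 0x01))
    print("MixColumns is MDS (branch number 5):", is_mds(MIX_COLUMNS))
    d_in = [1, 0, 0, 0]                      # single active byte entering MixColumns
    d_out = mix_column(d_in)
    print("weight in + weight out =", byte_weight(d_in) + byte_weight(d_out))
```

The S-box half of the output is the point of the paper's distinction between truncated and concrete differentials: at the single S-box level half of all byte-to-byte differentials are impossible (DDT entry 0), so whether a concrete differential survives several rounds depends on how the active S-boxes are chained, while the branch number 5 of MixColumns fixes how many S-boxes become active from one round to the next.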
