Improved Key Recovery Attacks on Reduced-Round AES with Practical Data and Memory Complexities

Determining the security of AES is a central problem in cryptanalysis, but progress in this area had been slow and only a handful of cryptanalytic techniques led to significant advancements. At Eurocrypt 2017 Grassi et al. presented a novel type of distinguisher for AES-like structures, but so far all the published attacks which were based on this distinguisher were inferior to previously known attacks in their complexity. In this paper we combine the technique of Grassi et al. with several other techniques in a novel way to obtain the best known key recovery attack on 5-round AES in the single-key model, reducing its overall complexity from about $$2^{32}$$ 2 32 to less than $$2^{22}$$ 2 22 . Extending our techniques to 7-round AES, we obtain the best known attacks on reduced-round AES-192 which use practical amounts of data and memory, breaking the record for such attacks which was obtained in 2000 by the classical Square attack. In addition, we use our techniques to improve the Gilbert–Minier attack (2000) on 7-round AES, reducing its memory complexity from $$2^{80}$$ 2 80 to $$2^{40}$$ 2 40 .

[1]  Phillip Rogaway,et al.  Robust Authenticated-Encryption AEZ and the Problem That It Solves , 2015, EUROCRYPT.

[2]  Andrey Bogdanov,et al.  Biclique Cryptanalysis of the Full AES , 2011, ASIACRYPT.

[3]  María Naya-Plasencia,et al.  Block Ciphers That Are Easier to Mask: How Far Can We Go? , 2013, CHES.

[4]  Tor Helleseth,et al.  Yoyo Tricks with AES , 2017, ASIACRYPT.

[5]  Vincent Rijmen,et al.  Low-Data Complexity Attacks on AES , 2012, IEEE Transactions on Information Theory.

[6]  Michael Tunstall,et al.  Improved "Partial Sums"-based Square Attack on AES , 2012, SECRYPT.

[7]  Patrick Derbez,et al.  Meet-in-the-Middle Attacks on AES , 2013 .

[8]  Jérémy Jean,et al.  Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting , 2013, IACR Cryptol. ePrint Arch..

[9]  Eli Biham,et al.  Initial Observations on Skipjack: Cryptanalysis of Skipjack-3XOR , 1998, Selected Areas in Cryptography.

[10]  Eli Biham,et al.  The Rectangle Attack - Rectangling the Serpent , 2001, EUROCRYPT.

[11]  Lorenzo Grassi,et al.  Mixture Differential Cryptanalysis: New Approaches for Distinguishers and Attacks on round-reduced AES , 2018, IACR Cryptol. ePrint Arch..

[12]  Vincent Rijmen,et al.  The Block Cipher Square , 1997, FSE.

[13]  Jihoon Cho,et al.  WEM: A New Family of White-Box Block Ciphers Based on the Even-Mansour Construction , 2017, CT-RSA.

[14]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[15]  Bruce Schneier,et al.  Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent , 2000, FSE.

[16]  Adi Shamir,et al.  Efficient Dissection of Composite Problems, with Applications to Cryptanalysis, Knapsacks, and Combinatorial Search Problems , 2012, CRYPTO.

[17]  Xuejia Lai,et al.  Markov Ciphers and Differential Cryptanalysis , 1991, EUROCRYPT.

[18]  Eli Biham,et al.  Cryptanalysis of reduced variants of RIJNDAEL , 2000 .

[19]  Vincent Rijmen,et al.  Improved Impossible Differential Cryptanalysis of 7-Round AES-128 , 2010, INDOCRYPT.

[20]  Pierre-Alain Fouque,et al.  Automatic Search of Attacks on round-reduced AES and Applications , 2011, IACR Cryptol. ePrint Arch..

[21]  Nilanjan Datta,et al.  ELmD: A Pipelineable Authenticated Encryption and Its Hardware Implementation , 2016, IEEE Transactions on Computers.

[22]  Tyge Tiessen Polytopic Cryptanalysis , 2016, EUROCRYPT.

[23]  Ali Aydin Selçuk,et al.  A Meet-in-the-Middle Attack on 8-Round AES , 2008, FSE.

[24]  Christian Rechberger,et al.  A New Structural-Differential Property of 5-Round AES , 2017, EUROCRYPT.

[25]  Bruce Schneier,et al.  Improved Cryptanalysis of Rijndael , 2000, FSE.

[26]  Marine Minier,et al.  A Collision Attack on 7 Rounds of Rijndael , 2000, AES Candidate Conference.

[27]  Thomas Peyrin,et al.  The LED Block Cipher , 2011, IACR Cryptol. ePrint Arch..

[28]  Brice Minaud,et al.  Efficient and Provable White-Box Primitives , 2016, ASIACRYPT.

[29]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[30]  María Naya-Plasencia,et al.  Making the Impossible Possible , 2016, Journal of Cryptology.

[31]  Pierre-Alain Fouque,et al.  Exhausting Demirci-Selçuk Meet-in-the-Middle Attacks against Reduced-Round AES , 2013, IACR Cryptol. ePrint Arch..