A new structural-differential property of 5-round AES

Publication: Contribution to book/report/conference proceedings › Contribution to conference proceedings › Research › Peer-reviewed

Abstract

AES is probably the most widely studied and used block cipher. Also versions with a reduced number of rounds are used as a building block in many cryptographic schemes, e.g. several candidates of the SHA-3 and CAESAR competition are based on it. So far, non-random properties which are independent of the secret key are known for up to 4 rounds of AES. These include differential, impossible differential, and integral properties. In this paper we describe a new structural property for up to 5 rounds of AES, differential in nature and which is independent of the secret key, of the details of the MixColumns matrix (with the exception that the branch number must be maximal) and of the SubBytes operation. It is very simple: By appropriate choices of difference for a number of input pairs it is possible to make sure that the number of times that the difference of the resulting output pairs lie in a particular subspace is always a multiple of 8. We not only observe this property experimentally (using a small-scale version of AES), we also give a detailed proof as to why it has to exist. As a first application of this property, we describe a way to distinguish the 5-round AES permutation (or its inverse) from a random permutation with only 2^32 chosen texts that has a computational cost of 2^35.6 lookups into memory of size 2^36 bytes which has a success probability greater than 99%.

Original language: English
Title of host publication: Advances in Cryptology – EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
Publisher: Springer Verlag Wien
Pages: 289-317
Number of pages: 29
Volume: 10211 LNCS
ISBN (Print): 9783319566139
DOI: https://doi.org/10.1007/978-3-319-56614-6_10
Publication status: Published - 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10211 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Fingerprint

Structural properties
Data storage equipment
Costs
Random Permutation
Block Cipher
Structural Properties
Building Blocks
Exception
Computational Cost
Permutation
Branch
Subspace
Output

Keywords

    ASJC Scopus subject areas

    • Theoretical Computer Science
    • Computer Science (all)

    Cite this

    Grassi, L., Rechberger, C., & Rønjom, S. (2017). A new structural-differential property of 5-round AES. In Advances in Cryptology – EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings (Vol. 10211 LNCS, pp. 289-317). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10211 LNCS). Springer Verlag Wien. https://doi.org/10.1007/978-3-319-56614-6_10

    @inproceedings{8e0232e432724c298390bf4c2094d01a,
    title = "A new structural-differential property of 5-round AES",
    abstract = "AES is probably the most widely studied and used block cipher. Also versions with a reduced number of rounds are used as a building block in many cryptographic schemes, e.g. several candidates of the SHA-3 and CAESAR competition are based on it. So far, non-random properties which are independent of the secret key are known for up to 4 rounds of AES. These include differential, impossible differential, and integral properties. In this paper we describe a new structural property for up to 5 rounds of AES, differential in nature and which is independent of the secret key, of the details of the MixColumns matrix (with the exception that the branch number must be maximal) and of the SubBytes operation. It is very simple: By appropriate choices of difference for a number of input pairs it is possible to make sure that the number of times that the difference of the resulting output pairs lie in a particular subspace is always a multiple of 8. We not only observe this property experimentally (using a small-scale version of AES), we also give a detailed proof as to why it has to exist. As a first application of this property, we describe a way to distinguish the 5-round AES permutation (or its inverse) from a random permutation with only $2^{32}$ chosen texts that has a computational cost of $2^{35.6}$ lookups into memory of size $2^{36}$ bytes which has a success probability greater than 99{\%}.",
    keywords = "AES, Block cipher, Permutation, Secret-key distinguisher",
    author = "Lorenzo Grassi and Christian Rechberger and Sondre R{\o}njom",
    year = "2017",
    doi = "10.1007/978-3-319-56614-6_10",
    language = "English",
    isbn = "9783319566139",
    volume = "10211 LNCS",
    series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
    publisher = "Springer Verlag Wien",
    pages = "289--317",
    booktitle = "Advances in Cryptology – EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings",

    }

    TY - GEN

    T1 - A new structural-differential property of 5-round AES

    AU - Grassi, Lorenzo

    AU - Rechberger, Christian

    AU - Rønjom, Sondre

    PY - 2017

    Y1 - 2017

    N2 - AES is probably the most widely studied and used block cipher. Also versions with a reduced number of rounds are used as a building block in many cryptographic schemes, e.g. several candidates of the SHA-3 and CAESAR competition are based on it. So far, non-random properties which are independent of the secret key are known for up to 4 rounds of AES. These include differential, impossible differential, and integral properties. In this paper we describe a new structural property for up to 5 rounds of AES, differential in nature and which is independent of the secret key, of the details of the MixColumns matrix (with the exception that the branch number must be maximal) and of the SubBytes operation. It is very simple: By appropriate choices of difference for a number of input pairs it is possible to make sure that the number of times that the difference of the resulting output pairs lie in a particular subspace is always a multiple of 8. We not only observe this property experimentally (using a small-scale version of AES), we also give a detailed proof as to why it has to exist. As a first application of this property, we describe a way to distinguish the 5-round AES permutation (or its inverse) from a random permutation with only 2^32 chosen texts that has a computational cost of 2^35.6 lookups into memory of size 2^36 bytes which has a success probability greater than 99%.

    KW - AES

    KW - Block cipher

    KW - Permutation

    KW - Secret-key distinguisher

    UR - http://www.scopus.com/inward/record.url?scp=85018687641&partnerID=8YFLogxK

    U2 - 10.1007/978-3-319-56614-6_10

    DO - 10.1007/978-3-319-56614-6_10

    M3 - Conference contribution

    SN - 9783319566139

    VL - 10211 LNCS

    T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

    SP - 289

    EP - 317

    BT - Advances in Cryptology – EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings

    PB - Springer Verlag Wien

    ER -