@inproceedings{cd2b8f812bcb4768a03642c0d1cffeca,
title = "Mixture Integral Attacks on Reduced-Round AES with a Known/Secret S-Box",
abstract = "In this work, we present new low-data secret-key distinguishers and key-recovery attacks on reduced-round AES. The starting point of our work is “Mixture Differential Cryptanalysis” recently introduced at FSE/ToSC 2019, a way to turn the “multiple-of-8” 5-round AES secret-key distinguisher presented at Eurocrypt 2017 into a simpler and more convenient one (though, on a smaller number of rounds). By reconsidering this result on a smaller number of rounds, we present as our main contribution a new secret-key distinguisher on 3-round AES with the smallest data complexity in the literature (that does not require adaptive chosen plaintexts/ciphertexts), namely approximately half of the data necessary to set up a 3-round truncated differential distinguisher (which is currently the distinguisher in the literature with the lowest data complexity). For a success probability of 95%, our distinguisher requires just 10 chosen plaintexts versus 20 chosen plaintexts necessary to set up the truncated differential attack. Besides that, we present new competitive low-data key-recovery attacks on 3- and 4-round AES, both in the case in which the S-box is known and in the case in which it is secret.",
keywords = "AES, Mixture Differential Cryptanalysis, Secret-Key Distinguisher, Low-Data Attack, Secret S-Box, Low-data attack, Secret-key distinguisher, Secret S-box",
author = "Lorenzo Grassi and Markus Schofnegger",
year = "2020",
doi = "10.1007/978-3-030-65277-7_14",
language = "English",
isbn = " 978-3-030-65276-0",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "312--331|",
editor = "Karthikeyan Bhargavan and Elisabeth Oswald and Manoj Prabhakaran",
booktitle = "Progress in Cryptology – INDOCRYPT 2020",
note = "21st International Conference on Cryptology in India, Indocrypt 2020 ; Conference date: 13-12-2020 Through 16-12-2020",
}