TY - GEN
T1 - Probabilistic Mixture Differential Cryptanalysis on Round-Reduced AES
AU - Grassi, Lorenzo
PY - 2020/1/1
Y1 - 2020/1/1
N2 - At Eurocrypt 2017 the first secret-key distinguisher for 5-round AES has been presented. Although it allows to distinguish a random permutation from an AES-like one, it seems (rather) hard to exploit such a distinguisher in order to implement a key-recovery attack different than brute-force like. On the other hand, such result has been exploited to set up a new (competitive) secret-key distinguisher for 4-round AES, called “Mixture Differential Cryptanalysis”. In this paper, we combine this new 4-round distinguisher with a modified version of a truncated differential distinguisher in order to set up a new 5-round distinguisher, that exploits properties which are independent of the secret key, of the details of the S-Box and of the MixColumns matrix. As a result, while a “classical” truncated differential distinguisher exploits the probability that a pair of (two) texts satisfies or not a given differential trail independently of the others pairs, our distinguisher works with sets of (related) pairs of texts. In particular, our new 5-round AES distinguisher exploits the fact that such sets of texts satisfy some properties with a different probability than for a random permutation. Even if such 5-round distinguisher has a higher complexity than e.g. the “multiple-of-8” one present in the literature, it can be used as starting point to set up the first key-recovery attack on 6-round AES that exploits directly a 5-round secret-key distinguisher. The goal of this paper is indeed to present and explore new approaches, showing that even a distinguisher like the one presented at Eurocrypt – believed to be hard to exploit – can be the starting point for new secret-key distinguishers and/or key-recovery attacks.
AB - At Eurocrypt 2017 the first secret-key distinguisher for 5-round AES has been presented. Although it allows to distinguish a random permutation from an AES-like one, it seems (rather) hard to exploit such a distinguisher in order to implement a key-recovery attack different than brute-force like. On the other hand, such result has been exploited to set up a new (competitive) secret-key distinguisher for 4-round AES, called “Mixture Differential Cryptanalysis”. In this paper, we combine this new 4-round distinguisher with a modified version of a truncated differential distinguisher in order to set up a new 5-round distinguisher, that exploits properties which are independent of the secret key, of the details of the S-Box and of the MixColumns matrix. As a result, while a “classical” truncated differential distinguisher exploits the probability that a pair of (two) texts satisfies or not a given differential trail independently of the others pairs, our distinguisher works with sets of (related) pairs of texts. In particular, our new 5-round AES distinguisher exploits the fact that such sets of texts satisfy some properties with a different probability than for a random permutation. Even if such 5-round distinguisher has a higher complexity than e.g. the “multiple-of-8” one present in the literature, it can be used as starting point to set up the first key-recovery attack on 6-round AES that exploits directly a 5-round secret-key distinguisher. The goal of this paper is indeed to present and explore new approaches, showing that even a distinguisher like the one presented at Eurocrypt – believed to be hard to exploit – can be the starting point for new secret-key distinguishers and/or key-recovery attacks.
KW - AES
KW - Key-recovery attack
KW - Mixture differential cryptanalysis
KW - Secret-key distinguisher
KW - Truncated differential
UR - http://www.scopus.com/inward/record.url?scp=85079555936&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-38471-5_3
DO - 10.1007/978-3-030-38471-5_3
M3 - Conference paper
AN - SCOPUS:85079555936
SN - 9783030384708
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 53
EP - 84
BT - Selected Areas in Cryptography – SAC 2019 - 26th International Conference, Revised Selected Papers
A2 - Paterson, Kenneth G.
A2 - Stebila, Douglas
PB - Springer
T2 - 26th International Conference on Selected Areas in Cryptography
Y2 - 12 August 2019 through 16 August 2019
ER -