Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES

Lorenzo Grassi; Christian Rechberger

doi:10.1007/978-3-031-22301-3_2

Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES

Lorenzo Grassi^*, Christian Rechberger

^*Korrespondierende/r Autor/-in für diese Arbeit

Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie (7050)

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

In the last couple of years, a new wave of results appeared, proposing and exploiting new properties of round-reduced AES. In this paper we survey and combine some of these results (namely, the multiple-of-n property and the mixture differential cryptanalysis) in a systematic way in order to answer more general questions regarding the probability distribution of encrypted diagonal sets. This allows to analyze this special set of inputs, and report on new properties regarding the probability distribution of the number of different pairs of corresponding ciphertexts are equal in certain anti-diagonal(s) after 5 rounds. An immediate corollary of the multiple-of-8 property is that the variance of such a distribution can be shown to be higher than for a random permutation. Surprisingly, also the mean of the distribution is significantly different from random, something which cannot be explained by the multiple-of-8 property. We propose a theoretical explanation of this, by assuming an APN-like assumption on the S-Box which closely resembles the AES-Sbox. By combining the multiple-of-8 property, the mixture differential approach, and the results just mentioned about the mean and the variance, we are finally able to formulate the probability distribution of the diagonal set after 5-round AES as a sum of independent binomial distributions.

Originalsprache	englisch
Titel	Information Security and Privacy - 27th Australasian Conference, ACISP 2022, Proceedings
Redakteure/-innen	Khoa Nguyen, Guomin Yang, Fuchun Guo, Willy Susilo
Herausgeber (Verlag)	Springer Science and Business Media Deutschland GmbH
Seiten	24-45
Seitenumfang	22
ISBN (Print)	9783031223006
DOIs	https://doi.org/10.1007/978-3-031-22301-3_2
Publikationsstatus	Veröffentlicht - 2022
Veranstaltung	27th Australasian Conference on Information Security and Privacy, ACISP 2022 - Wollongong, Australien Dauer: 28 Nov. 2022 → 30 Nov. 2022

Publikationsreihe

Name	Lecture Notes in Computer Science
Band	13494
ISSN (Print)	0302-9743
ISSN (elektronisch)	1611-3349

Konferenz

Konferenz	27th Australasian Conference on Information Security and Privacy, ACISP 2022
Land/Gebiet	Australien
Ort	Wollongong
Zeitraum	28/11/22 → 30/11/22

ASJC Scopus subject areas

Theoretische Informatik
Allgemeine Computerwissenschaft

Zugriff auf Dokument

10.1007/978-3-031-22301-3_2

Andere Dateien und Links

Verknüpfung zur Publikation in Scopus

Dieses zitieren

Grassi, L., & Rechberger, C. (2022). Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES. in K. Nguyen, G. Yang, F. Guo, & W. Susilo (Hrsg.), Information Security and Privacy - 27th Australasian Conference, ACISP 2022, Proceedings (S. 24-45). (Lecture Notes in Computer Science; Band 13494). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-22301-3_2

Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES. / Grassi, Lorenzo; Rechberger, Christian.
Information Security and Privacy - 27th Australasian Conference, ACISP 2022, Proceedings. Hrsg. / Khoa Nguyen; Guomin Yang; Fuchun Guo; Willy Susilo. Springer Science and Business Media Deutschland GmbH, 2022. S. 24-45 (Lecture Notes in Computer Science; Band 13494).

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Grassi, L & Rechberger, C 2022, Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES. in K Nguyen, G Yang, F Guo & W Susilo (Hrsg.), Information Security and Privacy - 27th Australasian Conference, ACISP 2022, Proceedings. Lecture Notes in Computer Science, Bd. 13494, Springer Science and Business Media Deutschland GmbH, S. 24-45, 27th Australasian Conference on Information Security and Privacy, ACISP 2022, Wollongong, Australien, 28/11/22. https://doi.org/10.1007/978-3-031-22301-3_2

Grassi L, Rechberger C. Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES. in Nguyen K, Yang G, Guo F, Susilo W, Hrsg., Information Security and Privacy - 27th Australasian Conference, ACISP 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. S. 24-45. (Lecture Notes in Computer Science). doi: 10.1007/978-3-031-22301-3_2

Grassi, Lorenzo ; Rechberger, Christian. / Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES. Information Security and Privacy - 27th Australasian Conference, ACISP 2022, Proceedings. Hrsg. / Khoa Nguyen ; Guomin Yang ; Fuchun Guo ; Willy Susilo. Springer Science and Business Media Deutschland GmbH, 2022. S. 24-45 (Lecture Notes in Computer Science).

@inproceedings{2174868a73e04471aa85e43cf051f4a6,

title = "Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES",

abstract = "In the last couple of years, a new wave of results appeared, proposing and exploiting new properties of round-reduced AES. In this paper we survey and combine some of these results (namely, the multiple-of-n property and the mixture differential cryptanalysis) in a systematic way in order to answer more general questions regarding the probability distribution of encrypted diagonal sets. This allows to analyze this special set of inputs, and report on new properties regarding the probability distribution of the number of different pairs of corresponding ciphertexts are equal in certain anti-diagonal(s) after 5 rounds. An immediate corollary of the multiple-of-8 property is that the variance of such a distribution can be shown to be higher than for a random permutation. Surprisingly, also the mean of the distribution is significantly different from random, something which cannot be explained by the multiple-of-8 property. We propose a theoretical explanation of this, by assuming an APN-like assumption on the S-Box which closely resembles the AES-Sbox. By combining the multiple-of-8 property, the mixture differential approach, and the results just mentioned about the mean and the variance, we are finally able to formulate the probability distribution of the diagonal set after 5-round AES as a sum of independent binomial distributions.",

keywords = "AES, Distinguisher, Truncated-differential cryptanalysis",

author = "Lorenzo Grassi and Christian Rechberger",

note = "Funding Information: This work was accomplished when L. Grassi was at IAIK, Graz University of Technology, Austria. Authors thank also anonymous reviewers for their valuable comments and suggestions. L. Grassi is currently supported by the European Research Council under the ERC advanced grant agreement under grant ERC-2017-ADG Nr. 788980 ESCADA. Funding Information: Acknowledgements. This work was accomplished when L. Grassi was at IAIK, Graz University of Technology, Austria. Authors thank also anonymous reviewers for their valuable comments and suggestions. L. Grassi is currently supported by the European Research Council under the ERC advanced grant agreement under grant ERC-2017-ADG Nr. 788980 ESCADA. Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 27th Australasian Conference on Information Security and Privacy, ACISP 2022 ; Conference date: 28-11-2022 Through 30-11-2022",

year = "2022",

doi = "10.1007/978-3-031-22301-3_2",

language = "English",

isbn = "9783031223006",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "24--45",

editor = "Khoa Nguyen and Guomin Yang and Fuchun Guo and Willy Susilo",

booktitle = "Information Security and Privacy - 27th Australasian Conference, ACISP 2022, Proceedings",

address = "Germany",

}

TY - GEN

T1 - Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES

AU - Grassi, Lorenzo

AU - Rechberger, Christian

N1 - Funding Information: This work was accomplished when L. Grassi was at IAIK, Graz University of Technology, Austria. Authors thank also anonymous reviewers for their valuable comments and suggestions. L. Grassi is currently supported by the European Research Council under the ERC advanced grant agreement under grant ERC-2017-ADG Nr. 788980 ESCADA. Funding Information: Acknowledgements. This work was accomplished when L. Grassi was at IAIK, Graz University of Technology, Austria. Authors thank also anonymous reviewers for their valuable comments and suggestions. L. Grassi is currently supported by the European Research Council under the ERC advanced grant agreement under grant ERC-2017-ADG Nr. 788980 ESCADA. Publisher Copyright: © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

PY - 2022

Y1 - 2022

N2 - In the last couple of years, a new wave of results appeared, proposing and exploiting new properties of round-reduced AES. In this paper we survey and combine some of these results (namely, the multiple-of-n property and the mixture differential cryptanalysis) in a systematic way in order to answer more general questions regarding the probability distribution of encrypted diagonal sets. This allows to analyze this special set of inputs, and report on new properties regarding the probability distribution of the number of different pairs of corresponding ciphertexts are equal in certain anti-diagonal(s) after 5 rounds. An immediate corollary of the multiple-of-8 property is that the variance of such a distribution can be shown to be higher than for a random permutation. Surprisingly, also the mean of the distribution is significantly different from random, something which cannot be explained by the multiple-of-8 property. We propose a theoretical explanation of this, by assuming an APN-like assumption on the S-Box which closely resembles the AES-Sbox. By combining the multiple-of-8 property, the mixture differential approach, and the results just mentioned about the mean and the variance, we are finally able to formulate the probability distribution of the diagonal set after 5-round AES as a sum of independent binomial distributions.

AB - In the last couple of years, a new wave of results appeared, proposing and exploiting new properties of round-reduced AES. In this paper we survey and combine some of these results (namely, the multiple-of-n property and the mixture differential cryptanalysis) in a systematic way in order to answer more general questions regarding the probability distribution of encrypted diagonal sets. This allows to analyze this special set of inputs, and report on new properties regarding the probability distribution of the number of different pairs of corresponding ciphertexts are equal in certain anti-diagonal(s) after 5 rounds. An immediate corollary of the multiple-of-8 property is that the variance of such a distribution can be shown to be higher than for a random permutation. Surprisingly, also the mean of the distribution is significantly different from random, something which cannot be explained by the multiple-of-8 property. We propose a theoretical explanation of this, by assuming an APN-like assumption on the S-Box which closely resembles the AES-Sbox. By combining the multiple-of-8 property, the mixture differential approach, and the results just mentioned about the mean and the variance, we are finally able to formulate the probability distribution of the diagonal set after 5-round AES as a sum of independent binomial distributions.

KW - AES

KW - Distinguisher

KW - Truncated-differential cryptanalysis

UR - http://www.scopus.com/inward/record.url?scp=85145020486&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-22301-3_2

DO - 10.1007/978-3-031-22301-3_2

M3 - Conference paper

AN - SCOPUS:85145020486

SN - 9783031223006

T3 - Lecture Notes in Computer Science

SP - 24

EP - 45

BT - Information Security and Privacy - 27th Australasian Conference, ACISP 2022, Proceedings

A2 - Nguyen, Khoa

A2 - Yang, Guomin

A2 - Guo, Fuchun

A2 - Susilo, Willy

PB - Springer Science and Business Media Deutschland GmbH

T2 - 27th Australasian Conference on Information Security and Privacy, ACISP 2022

Y2 - 28 November 2022 through 30 November 2022

ER -