Mixture Integral Attacks on Reduced-Round AES with a Known/Secret S-Box

Lorenzo Grassi, Markus Schofnegger*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference paper

Abstract

In this work, we present new low-data secret-key distinguishers and key-recovery attacks on reduced-round AES. The starting point of our work is “Mixture Differential Cryptanalysis” recently introduced at FSE/ToSC 2019, a way to turn the “multiple-of-8” 5-round AES secret-key distinguisher presented at Eurocrypt 2017 into a simpler and more convenient one (though, on a smaller number of rounds). By reconsidering this result on a smaller number of rounds, we present as our main contribution a new secret-key distinguisher on 3-round AES with the smallest data complexity in the literature (that does not require adaptive chosen plaintexts/ciphertexts), namely approximately half of the data necessary to set up a 3-round truncated differential distinguisher (which is currently the distinguisher in the literature with the lowest data complexity). For a success probability of 95%, our distinguisher requires just 10 chosen plaintexts versus 20 chosen plaintexts necessary to set up the truncated differential attack. Besides that, we present new competitive low-data key-recovery attacks on 3- and 4-round AES, both in the case in which the S-box is known and in the case in which it is secret.

Original languageEnglish
Title of host publicationProgress in Cryptology – INDOCRYPT 2020
Subtitle of host publication21st International Conference on Cryptology in India, Bangalore, India, December 13–16, 2020, Proceedings
EditorsKarthikeyan Bhargavan, Elisabeth Oswald, Manoj Prabhakaran
Place of PublicationCham
PublisherSpringer
Pages312-331|
Number of pages20
ISBN (Print) 978-3-030-65276-0
DOIs
Publication statusPublished - 2020
Event21st International Conference on Cryptology in India - Virtuell, India
Duration: 13 Dec 202016 Dec 2020

Publication series

NameLecture Notes in Computer Science
Volume12578

Conference

Conference21st International Conference on Cryptology in India
Abbreviated titleIndocrypt 2020
CountryIndia
CityVirtuell
Period13/12/2016/12/20

Keywords

  • AES
  • Mixture Differential Cryptanalysis
  • Secret-Key Distinguisher
  • Low-Data Attack
  • Secret S-Box
  • Low-data attack
  • Secret-key distinguisher
  • Secret S-box

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint

Dive into the research topics of 'Mixture Integral Attacks on Reduced-Round AES with a Known/Secret S-Box'. Together they form a unique fingerprint.

Cite this