Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES

Lorenzo Grassi; Christian Rechberger

doi:10.1007/978-3-031-22301-3_2

Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES

Lorenzo Grassi^*, Christian Rechberger

^*Corresponding author for this work

Institute of Applied Information Processing and Communications (7050)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

In the last couple of years, a new wave of results appeared, proposing and exploiting new properties of round-reduced AES. In this paper we survey and combine some of these results (namely, the multiple-of-n property and the mixture differential cryptanalysis) in a systematic way in order to answer more general questions regarding the probability distribution of encrypted diagonal sets. This allows to analyze this special set of inputs, and report on new properties regarding the probability distribution of the number of different pairs of corresponding ciphertexts are equal in certain anti-diagonal(s) after 5 rounds. An immediate corollary of the multiple-of-8 property is that the variance of such a distribution can be shown to be higher than for a random permutation. Surprisingly, also the mean of the distribution is significantly different from random, something which cannot be explained by the multiple-of-8 property. We propose a theoretical explanation of this, by assuming an APN-like assumption on the S-Box which closely resembles the AES-Sbox. By combining the multiple-of-8 property, the mixture differential approach, and the results just mentioned about the mean and the variance, we are finally able to formulate the probability distribution of the diagonal set after 5-round AES as a sum of independent binomial distributions.

Original language	English
Title of host publication	Information Security and Privacy - 27th Australasian Conference, ACISP 2022, Proceedings
Editors	Khoa Nguyen, Guomin Yang, Fuchun Guo, Willy Susilo
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	24-45
Number of pages	22
ISBN (Print)	9783031223006
DOIs	https://doi.org/10.1007/978-3-031-22301-3_2
Publication status	Published - 2022
Event	27th Australasian Conference on Information Security and Privacy, ACISP 2022 - Wollongong, Australia Duration: 28 Nov 2022 → 30 Nov 2022

Publication series

Name	Lecture Notes in Computer Science
Volume	13494
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	27th Australasian Conference on Information Security and Privacy, ACISP 2022
Country/Territory	Australia
City	Wollongong
Period	28/11/22 → 30/11/22

Keywords

AES
Distinguisher
Truncated-differential cryptanalysis

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-031-22301-3_2

Cite this

Grassi, L., & Rechberger, C. (2022). Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES. In K. Nguyen, G. Yang, F. Guo, & W. Susilo (Eds.), Information Security and Privacy - 27th Australasian Conference, ACISP 2022, Proceedings (pp. 24-45). (Lecture Notes in Computer Science; Vol. 13494). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-22301-3_2

Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES. / Grassi, Lorenzo; Rechberger, Christian.
Information Security and Privacy - 27th Australasian Conference, ACISP 2022, Proceedings. ed. / Khoa Nguyen; Guomin Yang; Fuchun Guo; Willy Susilo. Springer Science and Business Media Deutschland GmbH, 2022. p. 24-45 (Lecture Notes in Computer Science; Vol. 13494).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Grassi, L & Rechberger, C 2022, Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES. in K Nguyen, G Yang, F Guo & W Susilo (eds), Information Security and Privacy - 27th Australasian Conference, ACISP 2022, Proceedings. Lecture Notes in Computer Science, vol. 13494, Springer Science and Business Media Deutschland GmbH, pp. 24-45, 27th Australasian Conference on Information Security and Privacy, ACISP 2022, Wollongong, Australia, 28/11/22. https://doi.org/10.1007/978-3-031-22301-3_2

Grassi L, Rechberger C. Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES. In Nguyen K, Yang G, Guo F, Susilo W, editors, Information Security and Privacy - 27th Australasian Conference, ACISP 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 24-45. (Lecture Notes in Computer Science). doi: 10.1007/978-3-031-22301-3_2

Grassi, Lorenzo ; Rechberger, Christian. / Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES. Information Security and Privacy - 27th Australasian Conference, ACISP 2022, Proceedings. editor / Khoa Nguyen ; Guomin Yang ; Fuchun Guo ; Willy Susilo. Springer Science and Business Media Deutschland GmbH, 2022. pp. 24-45 (Lecture Notes in Computer Science).

@inproceedings{2174868a73e04471aa85e43cf051f4a6,

title = "Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES",

abstract = "In the last couple of years, a new wave of results appeared, proposing and exploiting new properties of round-reduced AES. In this paper we survey and combine some of these results (namely, the multiple-of-n property and the mixture differential cryptanalysis) in a systematic way in order to answer more general questions regarding the probability distribution of encrypted diagonal sets. This allows to analyze this special set of inputs, and report on new properties regarding the probability distribution of the number of different pairs of corresponding ciphertexts are equal in certain anti-diagonal(s) after 5 rounds. An immediate corollary of the multiple-of-8 property is that the variance of such a distribution can be shown to be higher than for a random permutation. Surprisingly, also the mean of the distribution is significantly different from random, something which cannot be explained by the multiple-of-8 property. We propose a theoretical explanation of this, by assuming an APN-like assumption on the S-Box which closely resembles the AES-Sbox. By combining the multiple-of-8 property, the mixture differential approach, and the results just mentioned about the mean and the variance, we are finally able to formulate the probability distribution of the diagonal set after 5-round AES as a sum of independent binomial distributions.",

keywords = "AES, Distinguisher, Truncated-differential cryptanalysis",

author = "Lorenzo Grassi and Christian Rechberger",

note = "Funding Information: This work was accomplished when L. Grassi was at IAIK, Graz University of Technology, Austria. Authors thank also anonymous reviewers for their valuable comments and suggestions. L. Grassi is currently supported by the European Research Council under the ERC advanced grant agreement under grant ERC-2017-ADG Nr. 788980 ESCADA. Funding Information: Acknowledgements. This work was accomplished when L. Grassi was at IAIK, Graz University of Technology, Austria. Authors thank also anonymous reviewers for their valuable comments and suggestions. L. Grassi is currently supported by the European Research Council under the ERC advanced grant agreement under grant ERC-2017-ADG Nr. 788980 ESCADA. Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 27th Australasian Conference on Information Security and Privacy, ACISP 2022 ; Conference date: 28-11-2022 Through 30-11-2022",

year = "2022",

doi = "10.1007/978-3-031-22301-3_2",

language = "English",

isbn = "9783031223006",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "24--45",

editor = "Khoa Nguyen and Guomin Yang and Fuchun Guo and Willy Susilo",

booktitle = "Information Security and Privacy - 27th Australasian Conference, ACISP 2022, Proceedings",

address = "Germany",

}

TY - GEN

T1 - Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES

AU - Grassi, Lorenzo

AU - Rechberger, Christian

N1 - Funding Information: This work was accomplished when L. Grassi was at IAIK, Graz University of Technology, Austria. Authors thank also anonymous reviewers for their valuable comments and suggestions. L. Grassi is currently supported by the European Research Council under the ERC advanced grant agreement under grant ERC-2017-ADG Nr. 788980 ESCADA. Funding Information: Acknowledgements. This work was accomplished when L. Grassi was at IAIK, Graz University of Technology, Austria. Authors thank also anonymous reviewers for their valuable comments and suggestions. L. Grassi is currently supported by the European Research Council under the ERC advanced grant agreement under grant ERC-2017-ADG Nr. 788980 ESCADA. Publisher Copyright: © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

PY - 2022

Y1 - 2022

N2 - In the last couple of years, a new wave of results appeared, proposing and exploiting new properties of round-reduced AES. In this paper we survey and combine some of these results (namely, the multiple-of-n property and the mixture differential cryptanalysis) in a systematic way in order to answer more general questions regarding the probability distribution of encrypted diagonal sets. This allows to analyze this special set of inputs, and report on new properties regarding the probability distribution of the number of different pairs of corresponding ciphertexts are equal in certain anti-diagonal(s) after 5 rounds. An immediate corollary of the multiple-of-8 property is that the variance of such a distribution can be shown to be higher than for a random permutation. Surprisingly, also the mean of the distribution is significantly different from random, something which cannot be explained by the multiple-of-8 property. We propose a theoretical explanation of this, by assuming an APN-like assumption on the S-Box which closely resembles the AES-Sbox. By combining the multiple-of-8 property, the mixture differential approach, and the results just mentioned about the mean and the variance, we are finally able to formulate the probability distribution of the diagonal set after 5-round AES as a sum of independent binomial distributions.

AB - In the last couple of years, a new wave of results appeared, proposing and exploiting new properties of round-reduced AES. In this paper we survey and combine some of these results (namely, the multiple-of-n property and the mixture differential cryptanalysis) in a systematic way in order to answer more general questions regarding the probability distribution of encrypted diagonal sets. This allows to analyze this special set of inputs, and report on new properties regarding the probability distribution of the number of different pairs of corresponding ciphertexts are equal in certain anti-diagonal(s) after 5 rounds. An immediate corollary of the multiple-of-8 property is that the variance of such a distribution can be shown to be higher than for a random permutation. Surprisingly, also the mean of the distribution is significantly different from random, something which cannot be explained by the multiple-of-8 property. We propose a theoretical explanation of this, by assuming an APN-like assumption on the S-Box which closely resembles the AES-Sbox. By combining the multiple-of-8 property, the mixture differential approach, and the results just mentioned about the mean and the variance, we are finally able to formulate the probability distribution of the diagonal set after 5-round AES as a sum of independent binomial distributions.

KW - AES

KW - Distinguisher

KW - Truncated-differential cryptanalysis

UR - http://www.scopus.com/inward/record.url?scp=85145020486&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-22301-3_2

DO - 10.1007/978-3-031-22301-3_2

M3 - Conference paper

AN - SCOPUS:85145020486

SN - 9783031223006

T3 - Lecture Notes in Computer Science

SP - 24

EP - 45

BT - Information Security and Privacy - 27th Australasian Conference, ACISP 2022, Proceedings

A2 - Nguyen, Khoa

A2 - Yang, Guomin

A2 - Guo, Fuchun

A2 - Susilo, Willy

PB - Springer Science and Business Media Deutschland GmbH

T2 - 27th Australasian Conference on Information Security and Privacy, ACISP 2022

Y2 - 28 November 2022 through 30 November 2022

ER -