CryptoDB
Mixture Differential Cryptanalysis: a New Approach to Distinguishers and Attacks on round-reduced AES
Authors: |
|
---|---|
Download: | |
Presentation: | Slides |
Abstract: | At Eurocrypt 2017 the first secret-key distinguisher for 5-round AES - based on the “multiple-of-8” property - has been presented. Although it allows to distinguish a random permutation from an AES-like one, it seems rather hard to implement a key-recovery attack different than brute-force like using such a distinguisher. In this paper we introduce “Mixture Differential Cryptanalysis” on round-reduced AESlike ciphers, a way to translate the (complex) “multiple-of-8” 5-round distinguisher into a simpler and more convenient one (though, on a smaller number of rounds). Given a pair of chosen plaintexts, the idea is to construct new pairs of plaintexts by mixing the generating variables of the original pair of plaintexts. Here we theoretically prove that for 4-round AES the corresponding ciphertexts of the original pair of plaintexts lie in a particular subspace if and only if the corresponding pairs of ciphertexts of the new pairs of plaintexts have the same property. Such secret-key distinguisher - which is independent of the secret-key, of the details of the S-Box and of the MixColumns matrix (except for the branch number equal to 5) - can be used as starting point to set up new key-recovery attacks on round-reduced AES. Besides a theoretical explanation, we also provide a practical verification both of the distinguisher and of the attack. |
Video from TOSC 2018
BibTeX
@article{tosc-2018-29232, title={Mixture Differential Cryptanalysis: a New Approach to Distinguishers and Attacks on round-reduced AES}, journal={IACR Transactions on Symmetric Cryptology}, publisher={Ruhr-Universität Bochum}, volume={2018, Issue 2}, pages={133-160}, url={https://tosc.iacr.org/index.php/ToSC/article/view/891}, doi={10.13154/tosc.v2018.i2.133-160}, author={Lorenzo Grassi}, year=2018 }