New Representations of the AES Key Schedule
نویسندگان
چکیده
In this paper we present a new representation of the AES key schedule, with some implications to security AES-based schemes. particular, show that AES-128 schedule can be split into four independent parallel computations operating on 32 bits chunks, up linear transformation. Surprisingly, property has not been described in literature after more than 20 years analysis AES. We two consequences our representation, improving previous cryptanalysis results First, observe iterating an odd number rounds function short cycles. This explains observation Khairallah mixFeed, second-round candidate NIST lightweight competition. Our actually shows his forgery attack mixFeed succeeds probability 0.44 (with data complexity 220 GB), breaking scheme practice. The same also leads novel ALE, another AEAD scheme. gives efficient ways combine information from first subkeys and last subkeys, order reconstruct corresponding master keys. particular improve impossible differential attacks against AES-128.
منابع مشابه
Transposition of AES Key Schedule
In this paper, we point out a new weakness of the AES key schedule by revisiting an old observation exploited by many known attacks. We also discover a major cause for this weakness is that the column-by-column word-wise property in the key schedule matches nicely with the MixColumns operation in the cipher’s diffusion layer. Then we propose a new key schedule by minor modification to increase ...
متن کاملCombined Attacks on the AES Key Schedule
We present new combined attacks on the AES key schedule based on the work of Roche et al. [16]. The main drawbacks of the original attack are: the need for high repeatability of the fault, a very particular fault model and a very high complexity of the key recovery algorithm. We consider more practical fault models, we obtain improved key recovery algorithms and we present more attack paths for...
متن کاملDifferential Fault Analysis on the AES Key Schedule
This letter proposes a differential fault analysis on the AES key schedule and shows how an entire 128-bit AES key can be retrieved. In the workshop at FDTC 2007, we presented the DFA mechanism on the AES key schedule and proposed general attack rules. Using our proposed rules, we showed an efficient attack that can retrieve 80 bits of the 128-bit key. Recently, we have found a new attack that ...
متن کاملDifferential Fault Analysis on AES Key Schedule and Some Coutnermeasures
This paper describes a DFA attack on the AES key schedule. This fault model assumes that the attacker can induce a single byte fault on the round key. It efficiently finds the key of AES-128 with feasible computation and less than thirty pairs of correct and faulty ciphertexts. Several countermeasures are also proposed. This weakness can be resolved without modifying the structure of the AES al...
متن کاملNew Differential Fault Analysis on AES Key Schedule: Two Faults Are Enough
In this paper we show a new differential fault analysis (DFA) on the AES-128 key scheduling process. We can obtain 96 bits of the key with 2 pairs of correct and faulty ciphertexts enabling an easy exhaustive key search of 2 keys. Furthermore we can retrieve the entire 128 bits with 4 pairs. To the authors’ best knowledge, it is the smallest number of pairs to find the entire AES-128 key with a...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Lecture Notes in Computer Science
سال: 2021
ISSN: ['1611-3349', '0302-9743']
DOI: https://doi.org/10.1007/978-3-030-77870-5_3