MixColumns Properties and Attacks on (round-reduced) AES with a Single Secret S-Box
نویسنده
چکیده
In this paper, we present new key-recovery attacks on AES with a single secret S-Box. Several attacks for this model have been proposed in literature, the most recent ones at Crypto’16 and FSE’17. Both these attacks exploit a particular property of the MixColumns matrix to recover the secret-key. In this work, we show that the same attacks work exploiting a weaker property of the MixColumns matrix. As first result, this allows to (largely) increase the number of MixColumns matrices for which it is possible to set up all these attacks. As a second result, we present new attacks on 5round AES with a single secret S-Box that exploit the new multiple-of-n property recently proposed at Eurocrypt’17. This property is based on the fact that choosing a particular set of plaintexts, the number of pairs of ciphertexts that lie in a particular subspace is a multiple of n.
منابع مشابه
Subspace Trail Cryptanalysis and its Applications to AES
We introduce subspace trail cryptanalysis, a generalization of invariant subspace cryptanalysis. With this more generic treatment of subspaces we do no longer rely on specific choices of round constants or subkeys, and the resulting method is as such a potentially more powerful attack vector. Interestingly, subspace trail cryptanalysis in fact includes techniques based on impossible or truncate...
متن کاملThe Effects of the Omission of Last Round's MixColumns on AES
The Advanced Encryption Standard (AES) is the most widely deployed block cipher. It follows the modern iterated block cipher approach, iterating a simple round function multiple times. The last round of AES slightly differs from the others, as a linear mixing operation (called MixColumns) is omitted from it. Following a statement of the designers, it is widely believed that the omission of the ...
متن کاملTotal break of Zorro using linear and differential attacks
An AES-like lightweight block cipher, namely Zorro, was proposed in CHES 2013. While it has a 16-byte state, it uses only 4 S-Boxes per round. This weak nonlinearity was widely criticized, insofar as it has been directly exploited in all the attacks on Zorro reported by now, including the weak key, reduced round, and even full round attacks. In this paper, using some properties discovered by Wa...
متن کاملOn the Order of Round Components in the AES
This paper analyses all 24 possible round constructions using different combinations of the four round components of the AES cipher: SubBytes, ShiftRows, AddRoundKey and MixColumns. We investigate how the different round orderings affect the security of AES against differential, linear, multiset, impossible differential and boomerang attacks. The cryptographic strenght of each cipher variant wa...
متن کاملImproved Related-Key Impossible Differential Attacks on Reduced-Round AES-192
In this paper, we present several new related-key impossible differential attacks on 7and 8-round AES-192, following the work of Eli Biham and Orr Dunkelman et al. [1]. We choose another relation of the two related keys, start attacks from the very beginning(instead of the third round in [1]) so as to improve the data and time complexities of their attacks. Furthermore, we point out and correct...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2017 شماره
صفحات -
تاریخ انتشار 2017