Cryptanalysis of Ciphers Based on AES Structure

AES is the best known and most widely used block cipher. Its three versions (AES-128, AES-192, and AES-256) differ in their key sizes (128 bits, 192 bits and 256 bits) and in their number of rounds (10, 12, and 14, respectively). Our present work investigates the recently reported attacks on AES 256 and AES 192. Instead of concentrating on the actual algorithms of these attacks we shall be more interested in the question, what makes AES 256 so vulnerable to these related key attacks which are all based on a common concept. Additionally we seek an informal answer to the very relevant query that how much vulnerable is the most used variant of AES, namely AES 128, against these kind of cryptanalysis. Next we try to use the related key based cryptanalytic techniques on some other cipher. For this purpose we choose a stream cipher based on the AES structure. In [4], Biryukov presented a new methodology of stream cipher design, called Leak Extraction. The stream cipher LEX, based on this methodology and on the AES block cipher, was selected to phase 3 of the eSTREAM competition. The suggested methodology seemed promising, and LEX, due to its elegance, simplicity and performance was expected to be selected to the eSTREAM portfolio. However [10] suggests a key recovery attack on LEX. The attack requires about 2 bytes of key-stream produced by the same key (possibly under many different IVs), and retrieves the secret key in time of 2 simple operations. In this work we explored LEX further and have shown that under the assumption that we get hold of key streams generated by two related keys and four specially engineered IVs we can predict the bytes of the keystream generated by LEX with probability 1 in time of approximately 2 operations. We have extended this observation to derive some secret intermediate state bytes of LEX in a related key based attack model. Then we suggest an improvement in the design of LEX. We show that this improved version of LEX is protected against all existing attacks. Lastly we have used the methodology of Leak Extraction on another AES finalist SERPENT. This creates LESERP, a new stream cipher.