Security of the AES with a Secret S-Box
نویسندگان
چکیده
How does the security of the AES change when the S-box is replaced by a secret S-box, about which the adversary has no knowledge? Would it be safe to reduce the number of encryption rounds? In this paper, we demonstrate attacks based on integral cryptanalysis which allow to recover both the secret key and the secret S-box for respectively four, five, and six rounds of the AES. Despite the significantly larger amount of secret information which an adversary needs to recover, the attacks are very efficient with time/data complexities of 217/216, 238/240 and 290/264, respectively. Another interesting aspect of our attack is that it works both as chosen plaintext and as chosen ciphertext attack. Surprisingly, the chosen ciphertext variant has a significantly lower time complexity in the attacks on four and five round, compared to the respective chosen plaintext attacks.
منابع مشابه
Hardware Implementation of Dynamic S-BOX to Use in AES Cryptosystem
One of the major cipher symmetric algorithms is AES. Its main feature is to use S-BOX step, which is the only non-linear part of this standard possessing fixed structure. During the previous studies, it was shown that AES standard security was increased by changing the design concepts of S-BOX and production of dynamic S-BOX. In this paper, a change of AES standard security is studied by produc...
متن کاملSubspace Trail Cryptanalysis and its Applications to AES
We introduce subspace trail cryptanalysis, a generalization of invariant subspace cryptanalysis. With this more generic treatment of subspaces we do no longer rely on specific choices of round constants or subkeys, and the resulting method is as such a potentially more powerful attack vector. Interestingly, subspace trail cryptanalysis in fact includes techniques based on impossible or truncate...
متن کاملDynamic AES-128 with Key-Dependent S-box
Advanced Encryption Standard (AES) block cipher system is widely used in cryptographic applications. The main core of AES block cipher is the substitution table or SBox. This S-box is used to provide confusion capability for AES. The aim of this paper is to design dynamic S-box which depends on the secret key. The parameters of the new created SBOXes have characteristics equal to those in the o...
متن کاملMultilateral White-Box Cryptanalysis: Case study on WB-AES of CHES Challenge 2016
The security requirement of white-box cryptography (WBC) is that it should protect the secret key from a white-box security model that permits an adversary who is able to entirely control the execution of the cryptographic algorithm and its environment. It has already been demonstrated that most of the WBCs are vulnerable to algebraic attacks from a white-box security perspective. Recently, a n...
متن کاملMultilateral White-Box Cryptanalysis
Security requirement of White-Box Cryptography (WBC) is that it should protect secret key from white-box security model permits an adversary who is able to entirely control execution of the cryptographic algorithm and its environment. It has already been demonstrated that most of the primitive is vulnerable to algebraic attacks in the white-box security perspective. In recently, a new Different...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2015