Exhausting Demirci-Selçuk meet-in-the-middle attacks against reduced-round AES. (English) Zbl 1321.94053

Moriai, Shiho (ed.), Fast software encryption. 20th international workshop, FSE 2013, Washington, DC, USA, March 11–13, 2013. Revised selected papers. Berlin: Springer (ISBN 978-3-662-43932-6/pbk; 978-3-662-43933-3/ebook). Lecture Notes in Computer Science 8424, 541-560 (2014).
Summary: In this paper, we revisit H. Demirci and A. A. Selçuk's meet-in-the-middle attacks on AES [FSE 2008, Lect. Notes Comput. Sci. 5086, 116–126 (2008; Zbl 1154.68391)]. We find a way to automatically model SPN block ciphers and meet-in-the-middle attacks that allows an exhaustive search for attacks of this kind. This search uses the tool developed by C. Bouillaguet et al. at Crypto 2011 [Lect. Notes Comput. Sci. 6841, 169–187 (2011; Zbl 1287.94056)] as a subroutine to solve specific systems. We also take into account ideas introduced by O. Dunkelman, N. Keller and A. Shamir at ASIACRYPT 2010 [Lect. Notes Comput. Sci. 6477, 158–176 (2010; Zbl 1253.94045)], which can be seen as a new tradeoff of the classical time/memory tradeoff used by Demirci and Selçuk. As a result, we automatically recover all the recent improved attacks of the authors and J. Jean on AES [Eurocrypt 2013, Lect. Notes Comput. Sci. 7881, 371–387 (2013; Zbl 1306.94044)], and we show new improved attacks against 8 rounds of AES-192 and AES-256.
For the entire collection see [Zbl 1318.68032].


94A60 Cryptography


[1] Biham, E., Keller, N.: Cryptanalysis of reduced variants of Rijndael. Technical report, Computer Science Department, Technion - Israel Institute of Technology (2000)
[2] Biryukov, A., Dunkelman, O., Keller, N., Khovratovich, D., Shamir, A.: Key recovery attacks of practical complexity on AES-256 variants with up to 10 rounds. In: Advances in Cryptology - EUROCRYPT 2010, pp. 299-319. Springer, Heidelberg (2010) · Zbl 1280.94040
[3] Biryukov, A., Khovratovich, D.: Related-key cryptanalysis of the full AES-192 and AES-256. In: Advances in Cryptology - ASIACRYPT 2009, pp. 1-18. Springer, Heidelberg (2009) · Zbl 1267.94041
[4] Biryukov, A., Khovratovich, D., Nikolić, I.: Distinguisher and related-key attack on the full AES-256. In: Advances in Cryptology - CRYPTO 2009, pp. 231-249. Springer, Heidelberg (2009) · Zbl 1252.94051
[5] Biryukov, A., Nikolić, I.: Automatic search for related-key differential characteristics in byte-oriented block ciphers: application to AES, Camellia, Khazad and others. In: Advances in Cryptology - EUROCRYPT 2010, pp. 322-344. Springer, Heidelberg (2010) · Zbl 1280.94041
[6] Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. In: Advances in Cryptology - ASIACRYPT 2011, pp. 344-371. Springer, Heidelberg (2011) · Zbl 1227.94032
[7] Bouillaguet, C., Derbez, P., Dunkelman, O., Fouque, P.-A., Keller, N., Rijmen, V.: Low-data complexity attacks on AES. IEEE Trans. Inf. Theor. 58(11), 7002-7017 (2012) · Zbl 1364.94525
[8] Bouillaguet, C., Derbez, P., Fouque, P.-A.: Automatic search of attacks on round-reduced AES and applications. In: Advances in Cryptology - CRYPTO 2011, pp. 169-187. Springer, Heidelberg (2011) · Zbl 1287.94056
[9] Daemen, J., Rijmen, V.: AES proposal: Rijndael (1998) · Zbl 1065.94005
[10] Demirci, H., Selçuk, A.A.: A meet-in-the-middle attack on 8-round AES. In: Fast Software Encryption, pp. 116-126. Springer, Heidelberg (2008) · Zbl 1154.68391
[11] Derbez, P., Fouque, P.-A., Jean, J.: Improved key recovery attacks on reduced-round AES in the single-key setting (2013) (to appear). http://eprint.iacr.org/ · Zbl 1306.94044
[12] Derbez, P., Fouque, P.-A., Leresteux, D.: Meet-in-the-middle and impossible differential fault analysis on AES. In: Cryptographic Hardware and Embedded Systems - CHES 2011, pp. 274-291. Springer, Heidelberg (2011)
[13] Dunkelman, O., Keller, N., Shamir, A.: Improved single-key attacks on 8-round AES-192 and AES-256. In: Advances in Cryptology - ASIACRYPT 2010, pp. 158-176. Springer, Heidelberg (2010) · Zbl 1253.94045
[14] Ferguson, N., Kelsey, J., Lucks, S., Schneier, B., Stay, M., Wagner, D., Whiting, D.L.: Improved cryptanalysis of Rijndael. In: Fast Software Encryption, pp. 213-230. Springer, Heidelberg (2001) · Zbl 0994.68631
[15] Gilbert, H., Minier, M.: A collision attack on 7 rounds of Rijndael. In: AES Candidate Conference, pp. 230-241 (2000)
[16] Lu, J., Dunkelman, O., Keller, N., Kim, J.-S.: New impossible differential attacks on AES. In: Progress in Cryptology - INDOCRYPT 2008, pp. 279-293. Springer, Heidelberg (2008) · Zbl 1203.94113
[17] Mala, H., Dakhilalian, M., Rijmen, V., Modarres-Hashemi, M.: Improved impossible differential cryptanalysis of 7-round AES-128. In: Progress in Cryptology - INDOCRYPT 2010, pp. 282-291. Springer, Heidelberg (2010) · Zbl 1253.94060
[18] NIST: Advanced Encryption Standard (AES), FIPS 197. Technical report, NIST, November 2001
[19] Wei, Y., Lu, J., Hu, Y.: Meet-in-the-middle attack on 8 rounds of the AES block cipher under 192 key bits. In: Information Security Practice and Experience, pp. 222-232. Springer, Heidelberg (2011) · Zbl 1292.94151