Abstract
This paper introduces structures for key material in the related-key attack setting. While structures have long been used in key-recovery attacks against block ciphers to enjoy the birthday effect, the idea had not been applied to key material, because a key structure results in uncontrolled differences in the key and hence affects the validity or the probabilities of the differential trails. We apply this simple idea to improve the related-key boomerang attack against AES-256 by Biryukov and Khovratovich from 2009. Surprisingly, it turns out to be effective: both the data and the time complexity are reduced by a factor of about \(2^8\), to \(2^{92}\) and \(2^{91}\) respectively, at the cost of the number of required keys increasing from 4 to \(2^{19}\). There exist some trade-offs between the data/time complexity and the number of keys. To the best of our knowledge, this is the first essential improvement of the attack against the full AES-256 since 2009. It will be interesting to see whether the structure technique can be applied to other AES-like block ciphers, and to tweaks rather than keys of tweakable block ciphers, so that the number of keys required by the attack is not affected.
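To make the "birthday effect" of a structure concrete, here is a small added example that is not part of the paper and does not reproduce its attack. It uses a constructed 4-byte toy state standing in for a block or key, builds a structure by letting chosen byte positions run over all values, and counts the pairs it yields. The same \(2^8\) states give \(2^8 \cdot (2^8-1)/2\) pairs covering every nonzero byte difference at once, which is the gain a structure brings; the many distinct differences that appear are exactly the "uncontrolled differences" the abstract refers to, since a trail expecting one fixed difference can only use the pairs carrying that difference. All function names here are the example's own.

```python
from itertools import combinations, product


def build_structure(base: bytes, active, values=range(256)):
    """Build a structure: every state equal to `base` outside the active
    byte positions and taking every combination of `values` inside them.
    (`active` is a list of byte indices; a constructed toy parameter.)"""
    states = []
    for combo in product(values, repeat=len(active)):
        s = bytearray(base)
        for pos, v in zip(active, combo):
            s[pos] = v
        states.append(bytes(s))
    return states


def xor_diff(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pair_statistics(states, active):
    """Return (number of unordered pairs, number of distinct differences).
    Also checks that every pair's difference is confined to the active bytes,
    i.e. the structure controls *where* the difference is but not *which*."""
    active = set(active)
    pairs = 0
    distinct = set()
    for a, b in combinations(states, 2):
        d = xor_diff(a, b)
        assert all(d[i] == 0 for i in range(len(d)) if i not in active)
        pairs += 1
        distinct.add(d)
    return pairs, len(distinct)


def pairs_with_difference(states, delta: bytes) -> int:
    """Number of unordered pairs in the structure with exactly difference
    `delta`: the pairs a differential trail expecting `delta` can use."""
    if not any(delta):
        return 0
    present = set(states)
    # Each qualifying pair is found twice (once from each member), hence // 2.
    return sum(1 for s in states if xor_diff(s, delta) in present) // 2


def demo():
    base = bytes(4)                                   # constructed toy state
    one_byte = build_structure(base, active=[0])      # 2^8 states
    pairs, distinct = pair_statistics(one_byte, [0])
    # 256 states yield 32640 pairs spread over all 255 nonzero byte
    # differences; choosing the same 256 states as fixed-difference pairs
    # would give only 128 pairs, and that is also how many pairs the
    # structure offers for any single difference such as 0x01.
    fixed = pairs_with_difference(one_byte, bytes([0x01, 0, 0, 0]))
    return len(one_byte), pairs, distinct, fixed


if __name__ == "__main__":
    print(demo())   # (256, 32640, 255, 128)
```

Varying two bytes over 16 values each gives the same 256 states and 32640 pairs but spreads the differences over two positions, which illustrates the trade-off the abstract mentions: a larger or differently shaped structure buys more pairs per chosen value at the price of more distinct differences that the trails must accommodate.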
Notes
1. Only a few papers are cited here as examples since there are simply too many results.
2. Besides those optimized brute-force style attacks, such as [12].
References
Bao, Z., Guo, J., Iwata, T., Minematsu, K.: ZOCB and ZOTR: Tweakable Blockcipher modes for authenticated encryption with full absorption. IACR Trans. Symmetric Cryptol. 2019(2), 1–54 (2019)
Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 123–153. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_5
Biham, E.: New types of cryptanalytic attacks using related keys. J. Cryptol. 7(4), 229–246 (1994)
Biham, E., Dunkelman, O., Keller, N.: The rectangle attack – rectangling the serpent. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 340–357. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_21
Biham, E., Dunkelman, O., Keller, N.: New results on boomerang and rectangle attacks. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 1–16. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45661-9_1
Biham, E., Dunkelman, O., Keller, N.: Related-key boomerang and rectangle attacks. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 507–525. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_30
Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-38424-3_1
Biham, E., Shamir, A.: Differential cryptanalysis of the full 16-round DES. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 487–496. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_34
Biryukov, A., Dunkelman, O., Keller, N., Khovratovich, D., Shamir, A.: Key recovery attacks of practical complexity on AES-256 variants with up to 10 rounds. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 299–319. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_15
Biryukov, A., Khovratovich, D.: Related-key cryptanalysis of the full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1–18. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_1
Biryukov, A., Khovratovich, D., Nikolić, I.: Distinguisher and related-key attack on the full AES-256. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 231–249. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_14
Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 344–371. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_19
Chabaud, F., Joux, A.: Differential collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055720
Cid, C., Huang, T., Peyrin, T., Sasaki, Yu., Song, L.: Boomerang connectivity table: a new cryptanalysis tool. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 683–714. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_22
Daemen, J.: Cipher and Hash function design strategies based on linear and differential cryptanalysis. Ph.D. thesis, Doctoral Dissertation, March 1995, KU Leuven (1995)
Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer, Heidelberg (2002). https://doi.org/10.1007/978-3-662-04722-4
Demirci, H., Selçuk, A.A.: A meet-in-the-middle attack on 8-round AES. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 116–126. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-71039-4_7
Derbez, P., Fouque, P.-A., Jean, J.: Improved key recovery attacks on reduced-round , in the single-key setting. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 371–387. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_23
Dunkelman, O., Keller, N., Shamir, A.: Improved single-key attacks on 8-round AES-192 and AES-256. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 158–176. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_10
Ferguson, N., et al.: Improved cryptanalysis of Rijndael. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds.) FSE 2000. LNCS, vol. 1978, pp. 213–230. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44706-7_15
Jean, J., Nikolić, I., Peyrin, T.: KIASU v1. Additional first-round candidates of CAESAR competition (2014)
Jean, J., Nikolić, I., Peyrin, T.: Tweaks and keys for block ciphers: the TWEAKEY framework. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 274–288. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_15
Jean, J., Nikolić, I., Peyrin, T., Seurin, Y.: Deoxys-II. Finalist of CAESAR competition (2014)
Kelsey, J., Kohno, T., Schneier, B.: Amplified boomerang attacks against reduced-round MARS and serpent. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds.) FSE 2000. LNCS, vol. 1978, pp. 75–93. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44706-7_6
Kim, J., Hong, S., Preneel, B., Biham, E., Dunkelman, O., Keller, N.: Related-key boomerang and rectangle attacks: theory and experimental analysis. IEEE Trans. Inf. Theory 58(7), 4948–4966 (2012)
Kim, J., Kim, G., Hong, S., Lee, S., Hong, D.: The related-key rectangle attack – application to SHACAL-1. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 123–136. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-27800-9_11
Li, L., Jia, K., Wang, X.: Improved single-key attacks on 9-Round AES-192/256. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 127–146. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46706-0_7
Lu, J., Dunkelman, O., Keller, N., Kim, J.: New impossible differential attacks on AES. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 279–293. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89754-5_22
Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_33
Matsui, M.: The first experimental cryptanalysis of the data encryption standard. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 1–11. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_1
Sasaki, Yu.: Meet-in-the-middle preimage attacks on AES hashing modes and an application to whirlpool. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 378–396. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21702-9_22
Song, L., Qin, X., Hu, L.: Boomerang connectivity table revisited. Application to SKINNY and AES. IACR Trans. Symmetric Cryptol. 2019(1), 118–141 (2019)
Wagner, D.: The boomerang attack. In: Knudsen, L. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156–170. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48519-8_12
Wang, H., Peyrin, T.: Boomerang switch in multiple rounds. Application to AES variants and deoxys. IACR Trans. Symmetric Cryptol. 2019(1), 142–169 (2019)
Acknowledgements
This research is partially supported by the Nanyang Technological University in Singapore under Grant 04INS000397C230, Singapore's Ministry of Education under Grants RG91/20 and MOE2019-T2-1-060, the National Natural Science Foundation of China (Grants 62022036, 62132008, 62172410, 61732021), and the National Key Research and Development Program of China (Grant 2018YFA0704704).
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Guo, J., Song, L., Wang, H. (2022). Key Structures: Improved Related-Key Boomerang Attack Against the Full AES-256. In: Nguyen, K., Yang, G., Guo, F., Susilo, W. (eds) Information Security and Privacy. ACISP 2022. Lecture Notes in Computer Science, vol 13494. Springer, Cham. https://doi.org/10.1007/978-3-031-22301-3_1
DOI: https://doi.org/10.1007/978-3-031-22301-3_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22300-6
Online ISBN: 978-3-031-22301-3
eBook Packages: Computer Science (R0)