Related-Key Differential Analysis of the AES
The Advanced Encryption Standard (AES) is considered to be the most important and widely deployed symmetric primitive. While the cipher was designed to be immune against differential and other classical attacks, this immunity does not hold in the related-key setting, and various related-key attacks...
Published in | IACR Transactions on Symmetric Cryptology Vol. 2023; no. 4; pp. 215 - 243 |
---|---|
Main Authors | Boura, Christina; Derbez, Patrick; Funk, Margot |
Format | Journal Article |
Language | English |
Published | Ruhr-Universität Bochum, 08.12.2023 |
Abstract | The Advanced Encryption Standard (AES) is considered to be the most important and widely deployed symmetric primitive. While the cipher was designed to be immune against differential and other classical attacks, this immunity does not hold in the related-key setting, and various related-key attacks have appeared over time. This work presents tools and algorithms to search for related-key distinguishers and attacks of differential nature against the AES. First, we propose two entirely different approaches to find optimal truncated differential characteristics and bounds on the minimum number of active S-boxes for all variants of the AES. In the first approach, we propose a simple MILP model that handles better linear inconsistencies with respect to the AES system of equations and that compares particularly well to previous tool-based approaches to solve this problem. The main advantage of this tool is that it can easily be used as the core algorithm to search for any attack on AES exploiting related-key differentials. Then, we design a fast and low-memory algorithm based on dynamic programming that has a very simple to understand complexity analysis and does not depend on any generic solver. This second algorithm provides us useful insight on the related-key differential search problem for AES and shows that the search space is not as big as one would expect. Finally, we build on the top of our MILP model a fully automated tool to search for the best differential MITM attacks against the AES. We apply our tool on AES-256 and find an attack on 13 rounds with only two related keys. This attack can be seen as the best known cryptanalysis against this variant if only 2 related keys are permitted. |
---|---|
Author | Funk, Margot; Boura, Christina; Derbez, Patrick |
BackLink | https://hal.science/hal-04346377 (View record in HAL) |
CitedBy_id | crossref_primary_10_1088_1402_4896_ad9867 |
ContentType | Journal Article |
Copyright | Attribution |
DOI | 10.46586/tosc.v2023.i4.215-243 |
DatabaseName | CrossRef; Hyper Article en Ligne (HAL); Hyper Article en Ligne (HAL) (Open Access); DOAJ Directory of Open Access Journals |
Discipline | Computer Science |
EISSN | 2519-173X |
EndPage | 243 |
ISSN | 2519-173X |
IsDoiOpenAccess | true |
IsOpenAccess | true |
IsPeerReviewed | true |
IsScholarly | true |
Issue | 4 |
Keywords | differential MITM attack; dynamic programming; MILP; differential related-key security; AES |
Language | English |
License | http://creativecommons.org/licenses/by/4.0 Attribution: http://creativecommons.org/licenses/by |
OpenAccessLink | https://doaj.org/article/23bb44c39247402ab12d97d99c221b54 |
PageCount | 29 |
PublicationDate | 2023-12-08 |
PublicationTitle | IACR Transactions on Symmetric Cryptology |
PublicationYear | 2023 |
Publisher | Ruhr-Universität Bochum |
StartPage | 215 |
SubjectTerms | AES; Computer Science; Cryptography and Security; differential MITM attack; differential related-key security; dynamic programming; MILP |
Title | Related-Key Differential Analysis of the AES |
URI | https://hal.science/hal-04346377 https://doaj.org/article/23bb44c39247402ab12d97d99c221b54 |
Volume | 2023 |