Mixture Differential Cryptanalysis: a New Approach to Distinguishers and Attacks on round-reduced AES
At Eurocrypt 2017 the first secret-key distinguisher for 5-round AES - based on the “multiple-of-8” property - has been presented. Although it allows to distinguish a random permutation from an AES-like one, it seems rather hard to implement a key-recovery attack different than brute-force like usin...
Saved in:
| Published in | IACR Transactions on Symmetric Cryptology pp. 133 - 160 |
|---|---|
| Main Author | |
| Format | Journal Article |
| Language | English |
| Published |
Ruhr-Universität Bochum
01.06.2018
|
| Subjects | |
| Online Access | Get full text |
| ISSN | 2519-173X |
| DOI | 10.13154/tosc.v2018.i2.133-160 |
Cover
Loading…
| Abstract | At Eurocrypt 2017 the first secret-key distinguisher for 5-round AES - based on the “multiple-of-8” property - has been presented. Although it allows to distinguish a random permutation from an AES-like one, it seems rather hard to implement a key-recovery attack different than brute-force like using such a distinguisher. In this paper we introduce “Mixture Differential Cryptanalysis” on round-reduced AESlike ciphers, a way to translate the (complex) “multiple-of-8” 5-round distinguisher into a simpler and more convenient one (though, on a smaller number of rounds). Given a pair of chosen plaintexts, the idea is to construct new pairs of plaintexts by mixing the generating variables of the original pair of plaintexts. Here we theoretically prove that for 4-round AES the corresponding ciphertexts of the original pair of plaintexts lie in a particular subspace if and only if the corresponding pairs of ciphertexts of the new pairs of plaintexts have the same property. Such secret-key distinguisher - which is independent of the secret-key, of the details of the S-Box and of the MixColumns matrix (except for the branch number equal to 5) - can be used as starting point to set up new key-recovery attacks on round-reduced AES. Besides a theoretical explanation, we also provide a practical verification both of the distinguisher and of the attack. |
|---|---|
| AbstractList | At Eurocrypt 2017 the first secret-key distinguisher for 5-round AES - based on the “multiple-of-8” property - has been presented. Although it allows to distinguish a random permutation from an AES-like one, it seems rather hard to implement a key-recovery attack different than brute-force like using such a distinguisher. In this paper we introduce “Mixture Differential Cryptanalysis” on round-reduced AESlike ciphers, a way to translate the (complex) “multiple-of-8” 5-round distinguisher into a simpler and more convenient one (though, on a smaller number of rounds). Given a pair of chosen plaintexts, the idea is to construct new pairs of plaintexts by mixing the generating variables of the original pair of plaintexts. Here we theoretically prove that for 4-round AES the corresponding ciphertexts of the original pair of plaintexts lie in a particular subspace if and only if the corresponding pairs of ciphertexts of the new pairs of plaintexts have the same property. Such secret-key distinguisher - which is independent of the secret-key, of the details of the S-Box and of the MixColumns matrix (except for the branch number equal to 5) - can be used as starting point to set up new key-recovery attacks on round-reduced AES. Besides a theoretical explanation, we also provide a practical verification both of the distinguisher and of the attack. |
| Author | Lorenzo Grassi |
| Author_xml | – sequence: 1 fullname: Lorenzo Grassi organization: IAIK, Graz University of Technology |
| BookMark | eNotkMlOwzAYhC0EEqX0FZBfIMVrk3CrSoFKBQ6AxC3646V1CXZku0DfnrCcRjPfaA5zho598AahC0qmlFMpLnNIavrBCK2mjg0ZL-iMHKERk7QuaMlfT9EkpR0hhFU1n4l6hMy9-8r7aPC1s9ZE47ODDi_ioc_goTskl64w4Afzied9HwOoLc5haKfs_Gbv0tbEhMFrPM8Z1FvCweMY9l4X0ei9MgNYPp2jEwtdMpN_HaOXm-Xz4q5YP96uFvN1oamkuaCVhpYDN9IyW1kBpeCCMEE4qYiqZkwJUbJag4SWtpyoVihLwQ6oLqVWfIxWf7s6wK7po3uHeGgCuOY3CHHTQMxOdaZhgnNZti01JReWCjBW1PLHtcM31vJv5MVoig |
| ContentType | Journal Article |
| DBID | DOA |
| DOI | 10.13154/tosc.v2018.i2.133-160 |
| DatabaseName | DOAJ Directory of Open Access Journals |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: DOA name: DOAJ Directory of Open Access Journals url: https://www.doaj.org/ sourceTypes: Open Website |
| DeliveryMethod | fulltext_linktorsrc |
| EISSN | 2519-173X |
| EndPage | 160 |
| ExternalDocumentID | oai_doaj_org_article_243357bb1e734f14aef4951e73b893ff |
| GroupedDBID | ADBBV ALMA_UNASSIGNED_HOLDINGS BCNDV GROUPED_DOAJ |
| ID | FETCH-LOGICAL-d151t-18dab3a3e5f2f8f4a743402403080c862c44729da5ab1b30cb4cf1afc86975dc3 |
| IEDL.DBID | DOA |
| IngestDate | Wed Aug 27 01:15:14 EDT 2025 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-d151t-18dab3a3e5f2f8f4a743402403080c862c44729da5ab1b30cb4cf1afc86975dc3 |
| OpenAccessLink | https://doaj.org/article/243357bb1e734f14aef4951e73b893ff |
| PageCount | 28 |
| ParticipantIDs | doaj_primary_oai_doaj_org_article_243357bb1e734f14aef4951e73b893ff |
| PublicationCentury | 2000 |
| PublicationDate | 2018-06-01 |
| PublicationDateYYYYMMDD | 2018-06-01 |
| PublicationDate_xml | – month: 06 year: 2018 text: 2018-06-01 day: 01 |
| PublicationDecade | 2010 |
| PublicationTitle | IACR Transactions on Symmetric Cryptology |
| PublicationYear | 2018 |
| Publisher | Ruhr-Universität Bochum |
| Publisher_xml | – name: Ruhr-Universität Bochum |
| SSID | ssj0002893649 |
| Score | 2.2938507 |
| Snippet | At Eurocrypt 2017 the first secret-key distinguisher for 5-round AES - based on the “multiple-of-8” property - has been presented. Although it allows to... |
| SourceID | doaj |
| SourceType | Open Website |
| StartPage | 133 |
| SubjectTerms | AES Key-Recovery Attack Mixture Differential Cryptanalysis Secret-Key Distinguisher Subspace Trail Cryptanalysis Truncated Differential |
| Title | Mixture Differential Cryptanalysis: a New Approach to Distinguishers and Attacks on round-reduced AES |
| URI | https://doaj.org/article/243357bb1e734f14aef4951e73b893ff |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwrV1NS8NAEF2kJy-iqPjNHrxu281smtRbrS1FqBct9Bb2EyqSlDQt-u-d6ebQmxeP2Q0hzJB9bzIzbxh7tC5zyAJykUvphRr2U0HJMAEhpzSb1iqn5uT522C2UK_LdHkw6otqwqI8cDRcL1EAaWaM9BmoIJX2ATk9XRmE2hDo9EXMOwimPmP6DAZq2LYEA_KEXlNtbHeHeJd3VwmugZCkS3mg1L-HlOkpO2m5IB_FdzhjR748Z36--qa_-vylHV2Cn-AXH9c_a6RxUUDkiWuOhxMftXrgvKnw7g0VMG9jiTvXpeOjpqEGel6VvKbhSaImmVaPG5P3C7aYTj7GM9HOQhAOMbkRMnfagAafhiTkQWlEfkX6ZICUz2JYYpVCnux0qo000LdG2SB1wK1hljoLl6xTVqW_YhyCBhOcS1I0pwuZ8UhpMLBwGtBoA3vNnskmxTrKXRQkQL1fQLcUrVuKv9xy8x8PuWXH5K9YmXXHOk299ffIARrzsHf3LzdJr_Y |
| linkProvider | Directory of Open Access Journals |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Mixture+Differential+Cryptanalysis%3A+a+New+Approach+to+Distinguishers+and+Attacks+on+round-reduced+AES&rft.jtitle=IACR+Transactions+on+Symmetric+Cryptology&rft.au=Lorenzo+Grassi&rft.date=2018-06-01&rft.pub=Ruhr-Universit%C3%A4t+Bochum&rft.eissn=2519-173X&rft.spage=133&rft.epage=160&rft_id=info:doi/10.13154%2Ftosc.v2018.i2.133-160&rft.externalDBID=DOA&rft.externalDocID=oai_doaj_org_article_243357bb1e734f14aef4951e73b893ff |