Abstract
In this paper, a new framework is developed for proving and adapting the recently proposed multiple-of-8 property and mixture-differential distinguishers. These properties are formulated as immediate consequences of an equivalence relation on the input pairs, under which the difference at the output of the round function is invariant. This approach provides a further understanding of these newly developed distinguishers. For example, it clearly shows that the branch number of the linear layer does not influence the validity of the property, contrary to what was previously believed. We further provide an extension of the mixture-differential distinguishers and multiple-of-8 property to any SPN and to a larger class of subspaces. These adapted properties can then be exhibited in a systematic way for ciphers other than the AES. We illustrate this with the examples of Midori, Klein, LED and Skinny.
Highlights
The Advanced Encryption Standard (AES) is a block cipher designed by Daemen and Rijmen in 1997 and standardised by the NIST in 2001 [AES01].
Most attacks against block ciphers are based on the existence of a distinguisher, that is, a non-random property that makes it possible to distinguish, within reasonable time and using reasonable data and memory resources, a reduced-round version of the cipher instantiated with a random secret key from a random permutation.
We describe three distinguishers based on subspace trail cryptanalysis in order to have a complete understanding of the context in which our contribution lies.
Summary
The aim of our paper is to provide a general formulation of the mixture-differential distinguisher and of the multiple-of-8 property which can be applied in a systematic way to any cipher following the SPN construction. This avoids the redundant proofs that were previously required for each new occurrence of these properties. We show that the mixture-differential distinguishers, and by extension the multiple-of-8 property, revealed in [GRR17, Gra18] are direct consequences of the fact that the difference between two outputs of the AES round function, R(p0) + R(p1), is invariant under an equivalence relation between the plaintext pairs.
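The invariance of R(p0) + R(p1) can be checked on a toy SPN round. The sketch below is an added example, not code from the paper. The page does not spell out the equivalence relation, so the code assumes it is the exchange of whole S-box input words between the two plaintexts; the 16-bit state, the sample S-box, the linear layer and all function names are likewise assumptions chosen for illustration.

```python
# Added illustration: toy 16-bit SPN (four 4-bit words), not the AES
# and not code from the paper.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]  # PRESENT S-box, used as a sample
WORDS = 4

def rotl16(x, r):
    return ((x << r) | (x >> (16 - r))) & 0xFFFF

def round_fn(p, k):
    """One round: S-box layer, a GF(2)-linear layer, then key addition."""
    s = 0
    for i in range(WORDS):
        s |= SBOX[(p >> (4 * i)) & 0xF] << (4 * i)
    return s ^ rotl16(s, 3) ^ rotl16(s, 7) ^ k

def mix(p0, p1, swap_mask):
    """Exchange the 4-bit words selected by swap_mask between p0 and p1."""
    m = 0
    for i in range(WORDS):
        if (swap_mask >> i) & 1:
            m |= 0xF << (4 * i)
    return (p0 & ~m) | (p1 & m), (p1 & ~m) | (p0 & m)

def equivalence_class(p0, p1):
    """All unordered pairs reachable from (p0, p1) by word exchanges."""
    return {frozenset(mix(p0, p1, m)) for m in range(1 << WORDS)}

def invariant_holds(p0, p1, k):
    """True if every mixed pair has the same one-round output difference."""
    d = round_fn(p0, k) ^ round_fn(p1, k)
    return all(round_fn(q0, k) ^ round_fn(q1, k) == d
               for q0, q1 in (mix(p0, p1, m) for m in range(1 << WORDS)))

if __name__ == "__main__":
    p0, p1, k = 0x1234, 0xABCD, 0x5A5A  # constructed sample values
    # All four words differ, so the class holds 2^(4-1) = 8 unordered pairs.
    print(invariant_holds(p0, p1, k), len(equivalence_class(p0, p1)))
```

The check depends only on the S-boxes acting word by word and on the next layer being linear over GF(2); exchanging single bits inside a word does not preserve the difference in general.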