Abstract
The security of AES-192 against multiple impossible differentials attack is studied in this paper. Based on two types of impossible differentials for 4-round AES, two 7-round attack trails of AES-192 with the same plaintext and ciphertext difference structure are proposed. A new optimum combination of these two attack trails is applied in our attack so that the plaintext pairs can be reused and data complexity can be reduced. Furthermore, this new optimum combination can also reduce the time complexity in the master key recovering phase. Our attack can also reduce the number of subkeys by key schedule considerations. For each attack trail, only 15-byte subkeys need to be guessed. Combined with the master key recovering technique based on the key schedule algorithm, the early abort technique for plaintext pairs, and the sieve method for plaintext pairs based on quick sort, etc., we have obtained the best result so far in terms of time complexity for impossible differential cryptanalysis of AES-192. The time, memory, and data complexities are 2^109.2 7-round AES encryptions, 2^86.5 bytes and 2^106.3 chosen plaintexts, respectively.
Highlights
The Advanced Encryption Standard (AES) [1], which supports 128-bit block size with variable key length (128, 192 and 256 bits), was chosen by NIST from fifteen candidate algorithms and selected as a standard in 2001
We study the security of 7-round AES-192 against multiple impossible differentials attack
Impossible differential attack [2] is a significant method in cryptanalysis for block ciphers
Summary
The Advanced Encryption Standard (AES) [1], which supports 128-bit block size with variable key length (128, 192 and 256 bits), was chosen by NIST from fifteen candidate algorithms and selected as a standard in 2001. We study the security of 7-round AES-192 against multiple impossible differentials attack. Phan proposed an impossible differential attack on 7-round AES-192 which needs to guess 20 subkey bytes. After that, based on the same attack in [4], [5], Lu et al. [6] used additional techniques (i.e. early abort and key schedule considerations) to reduce time and data complexities, obtaining the best result in terms of time complexity for impossible differential attack on AES-192 until now. Only 15-byte subkeys need to be attacked. Using this new optimum combination of these two attack trails, we can reduce the time complexity in the master key recovering phase.