Abstract
The ARIA block cipher has been a Korean encryption standard, established by the Korean government, since 2004. In this work, we re-evaluate the security bound of reduced-round ARIA-192 and ARIA-256 against meet-in-the-middle (MITM) key recovery attacks in the single-key model. We present a new 4-round distinguisher and use it to mount the best 7- and 8-round MITM attacks on ARIA-192/256. Our 7-round attack on ARIA-192 has data, time and memory complexity of \(2^{113}\), \(2^{135.1}\) and \(2^{130}\) respectively. For our 7-round attack on ARIA-256, the data/time/memory complexities are \(2^{115}\), \(2^{136.1}\) and \(2^{130}\) respectively. These attacks improve upon the previous best MITM attacks on the same ciphers in all three dimensions. Our 8-round attack on ARIA-256 requires \(2^{113}\) cipher calls and has time and memory complexity of \(2^{245.9}\) and \(2^{138}\) respectively. This improves upon the previous best MITM attack on ARIA-256 in terms of both time and memory complexity. Further, in our attacks we are able to recover the actual secret key, unlike the previous cryptanalytic attacks on ARIA-192/256. To the best of our knowledge, this is the first actual key recovery attack on ARIA. We apply the multiset attack, a variant of the meet-in-the-middle attack, to achieve these results.
Notes
1. Random differences in the 16 bytes of \(\varDelta Y_3\) yield random differences in the 7 active bytes of \(\varDelta X_4\), which in turn lead to random differences in the active bytes of \(\varDelta Y_4\). The probability that these random differences in the 7 bytes of \(\varDelta Y_4\) are all equal is \(2^{-48}\).
2. One structure has \(2^{56} \times 2^{55} = 2^{111}\) plaintext pairs. Therefore, \(2^{57}\) structures have \(2^{57 + 111} = 2^{168}\) plaintext pairs.
3. Encrypt the chosen right-pair message through one full round using \(k_1\)[3, 4, 6, 8, 9, 13, 14] and compute \(Z_1\)[0]. Xor the \(Z_1\)[0] byte with the 255 other values and decrypt them back to obtain the other plaintexts.
4. Note that the probability of randomly having a match is \(2^{-467.6}\) and not \(2^{-505.17}\), since the number of ordered sequences associated with a multiset is not constant [7].
5. The normalization factor of \(2^{-1.9}\) is obtained as the ratio of the number of S-Box operations required in the precomputation phase to the total number of S-Box operations performed in a 7-round ARIA encryption. All other normalization factors are calculated in the same way.
References
Biryukov, A., De Cannière, C., Lano, J., Ors, S.B., Preneel, B.: Security and performance analysis of ARIA, version 1.2. Technical report, Katholieke Universiteit Leuven, Belgium (2004). http://www.cosic.esat.kuleuven.be/publications/article-500.pdf
De Cannière, C.: Analysis and Design of Symmetric Encryption Algorithms. PhD thesis, Katholieke Universiteit Leuven, Belgium, May 2007
Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer, Heidelberg (2002)
Demirci, H., Selçuk, A.A.: A meet-in-the-middle attack on 8-round AES. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 116–126. Springer, Heidelberg (2008)
Derbez, P., Fouque, P.-A., Jean, J.: Improved key recovery attacks on reduced-round AES in the single-key setting. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 371–387. Springer, Heidelberg (2013)
Du, C., Chen, J.: Impossible differential cryptanalysis of ARIA reduced to 7 Rounds. In: Heng, S.-H., Wright, R.N., Goi, B.-M. (eds.) CANS 2010. LNCS, vol. 6467, pp. 20–30. Springer, Heidelberg (2010)
Dunkelman, O., Keller, N., Shamir, A.: Improved single-key attacks on 8-round AES-192 and AES-256. J. Cryptology 28(3), 397–422 (2015)
Fleischmann, E., Forler, C., Gorski, M., Lucks, S.: New boomerang attacks on ARIA. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 163–175. Springer, Heidelberg (2010)
Korean Agency for Technology and Standards: 128-bit block encryption algorithm ARIA - Part 1: General (in Korean). KS X 1213-1:2009, December 2009
Kim, W.-H., Lee, J., Park, J.-H., Kwon, D.: Addition of the ARIA Cipher Suites to Transport Layer Security (TLS). RFC 6209, April 2011. https://tools.ietf.org/html/rfc6209
Kwon, D., Kim, J., Lee, J., Lee, J., Kim, C.: A Description of the ARIA Encryption Algorithm. RFC 5794, March 2010. https://tools.ietf.org/html/rfc5794
Kwon, D., et al.: New block cipher: ARIA. In: Lim, J.-I., Lee, D.-H. (eds.) ICISC 2003. LNCS, vol. 2971. Springer, Heidelberg (2004)
RSA Laboratories: Additional PKCS #11 Mechanisms. PKCS #11 v2.20 Amendment 3 Revision 1, January 2007
Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schläffer, M.: Rebound distinguishers: results on the full whirlpool compression function. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 126–143. Springer, Heidelberg (2009)
Li, R., Sun, B., Zhang, P., Li, C.: New impossible differential cryptanalysis of ARIA. IACR Cryptology ePrint Archive, 2008:227 (2008). http://eprint.iacr.org/2008/227
Li, Y., Wu, W., Zhang, L.: Integral attacks on reduced-round ARIA block cipher. In: Kwak, J., Deng, R.H., Won, Y., Wang, G. (eds.) ISPEC 2010. LNCS, vol. 6047, pp. 19–29. Springer, Heidelberg (2010)
Tang, X., Sun, B., Li, R., Li, C., Yin, J.: A meet-in-the-middle attack on reduced-round ARIA. J. Syst. Softw. 84(10), 1685–1692 (2011)
Wenling, W., Zhang, W., Feng, D.: Impossible differential cryptanalysis of reduced-round ARIA and camellia. J. Comput. Sci. Technol. 22(3), 449–456 (2007)
Z’aba, M.R.: Analysis of linear relationships in block ciphers. Master’s thesis, Queensland University of Technology, May 2010
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Akshima, Chang, D., Ghosh, M., Goel, A., Sanadhya, S.K. (2015). Improved Meet-in-the-Middle Attacks on 7 and 8-Round ARIA-192 and ARIA-256. In: Biryukov, A., Goyal, V. (eds) Progress in Cryptology -- INDOCRYPT 2015. INDOCRYPT 2015. Lecture Notes in Computer Science(), vol 9462. Springer, Cham. https://doi.org/10.1007/978-3-319-26617-6_11
DOI: https://doi.org/10.1007/978-3-319-26617-6_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26616-9
Online ISBN: 978-3-319-26617-6
eBook Packages: Computer Science (R0)