
Improved Rebound Attacks on AESQ: Core Permutation of CAESAR Candidate PAEQ

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9723)

Abstract

In this paper, we present improved rebound attacks against the AESQ permutation, the underlying permutation of the PAEQ authenticated encryption scheme currently under discussion in the second round of the CAESAR competition. AESQ is an AES-based permutation. The designers claim that no attack should be found with complexity up to \(2^{256}\), and they have shown a rebound attack against 12 (out of 20) rounds with \(2^{256}\) computational cost and \(2^{256}\) memory. In this paper, we present the first third-party cryptanalysis of AESQ. First, we reduce the complexity of the 12-round attack to \(2^{128}\) computational cost and negligible memory. We then extend the number of rounds and present a 16-round attack with \(2^{192}\) computational cost and \(2^{128}\) memory. Moreover, we discuss time-memory tradeoffs and multiple limited-birthday distinguishers. In particular, the time-memory tradeoff is useful for the 12-round attack, where it allows us to balance the time and memory complexities to \(2^{102.4}\).


Notes

  1. The designers start the round index from 0, while we start from 1 in this paper.


Acknowledgements

The authors would like to thank the organizers and the participants of ASK 2015 that initiated this work. Part of this work was done while Florian Mendel was visiting NTU and has been supported in part by the Austrian Science Fund (project P26494-N15).

Author information

Corresponding author

Correspondence to Yu Sasaki.


Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Bagheri, N., Mendel, F., Sasaki, Y. (2016). Improved Rebound Attacks on AESQ: Core Permutation of CAESAR Candidate PAEQ. In: Liu, J., Steinfeld, R. (eds) Information Security and Privacy. ACISP 2016. Lecture Notes in Computer Science, vol 9723. Springer, Cham. https://doi.org/10.1007/978-3-319-40367-0_19


  • DOI: https://doi.org/10.1007/978-3-319-40367-0_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-40366-3

  • Online ISBN: 978-3-319-40367-0
