
Key Collisions on AES and Its Applications

  • Conference paper
Advances in Cryptology – ASIACRYPT 2024 (ASIACRYPT 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 15490))

Abstract

In this paper, we explore a new type of key collision for AES, the target-plaintext key collision, which arises as an open problem in key-committing security and converts directly into single-block collision attacks on the Davies-Meyer (DM) hashing mode. In a key collision of this kind, the ciphertext collision is observed only for one specific plaintext: that plaintext encrypts to the same ciphertext under two distinct keys. We introduce an efficient automatic search tool that exploits the bit-wise behaviour of differential characteristics and the dependencies among operations and internal variables. As a result, we demonstrate single-block collision attacks on 2/5/6-round AES-128/192/256-DM and semi-free-start collision attacks on 5/7/9-round AES-128/192/256-DM, respectively. Furthermore, by exploiting a specific class of free-start collisions with our tool, we present two-block collision attacks on 3/9-round AES-128/256-DM, respectively.
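The reduction the abstract relies on is mechanical once the DM mode is written out: DM uses the message block as the cipher key and the chaining value as the plaintext, so two keys k1 != k2 with E_k1(P) = E_k2(P) give two one-block messages with the same digest when the chaining value is P. The following is an added example, not code from the paper or its search tool. It uses a constructed 16-bit toy Feistel cipher (not AES) so that the key collision can be found by plain brute force; on AES that step is exactly what the paper's automatic tool replaces. The cipher, the IV 0x1234 and the message suffix are all constructed for the demonstration.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed toy cipher parameters (NOT AES): 16-bit block, 16-bit key.
BLOCK_BITS = 16
KEY_BITS = 16
ROUNDS = 4
MASK8 = 0xFF


def round_function(key: int, rnd: int, half: int) -> int:
    """Key-dependent round function: first byte of SHA-256(key || round || half).
    Only here to give the toy cipher unstructured, key-dependent behaviour."""
    data = key.to_bytes(2, "big") + bytes([rnd, half])
    return hashlib.sha256(data).digest()[0]


def toy_encrypt(key: int, plaintext: int) -> int:
    """4-round Feistel network over a 16-bit block; a permutation for every key."""
    left, right = plaintext >> 8, plaintext & MASK8
    for rnd in range(ROUNDS):
        left, right = right, left ^ round_function(key, rnd, right)
    return (left << 8) | right


def toy_decrypt(key: int, ciphertext: int) -> int:
    """Inverse of toy_encrypt (rounds undone in reverse order)."""
    left, right = ciphertext >> 8, ciphertext & MASK8
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ round_function(key, rnd, left), left
    return (left << 8) | right


def davies_meyer(chaining: int, message: int) -> int:
    """DM compression function h_i = E_{m_i}(h_{i-1}) XOR h_{i-1}.
    The message block is the cipher KEY and the chaining value is the plaintext,
    which is why a key collision on a target plaintext is a compression-function
    collision."""
    return toy_encrypt(message, chaining) ^ chaining


def merkle_damgard(iv: int, blocks: List[int]) -> int:
    """Iterate the DM compression function over message blocks (no padding)."""
    h = iv
    for m in blocks:
        h = davies_meyer(h, m)
    return h


def find_target_plaintext_key_collision(plaintext: int) -> Tuple[int, int]:
    """Generic birthday-style search for keys k1 != k2 with E_k1(P) == E_k2(P).
    About 2^8 encryptions on average for the 16-bit toy cipher; for AES the
    paper's tool searches differential characteristics instead of brute force."""
    seen: Dict[int, int] = {}
    for key in range(1 << KEY_BITS):
        ct = toy_encrypt(key, plaintext)
        if ct in seen:
            return seen[ct], key
        seen[ct] = key
    raise RuntimeError("no target-plaintext key collision found")


def one_block_dm_collision(iv: int) -> Tuple[int, int, int]:
    """Fixed-target-plaintext key collision (target = the hash IV) turned into a
    one-block collision on the DM hash. Returns (m1, m2, common digest).
    If the attacker may choose iv as well, the same call yields a
    semi-free-start collision (free-target-plaintext key collision)."""
    k1, k2 = find_target_plaintext_key_collision(iv)
    d1, d2 = davies_meyer(iv, k1), davies_meyer(iv, k2)
    if k1 == k2 or d1 != d2:
        raise RuntimeError("reduction failed")
    return k1, k2, d1


if __name__ == "__main__":
    IV = 0x1234  # constructed fixed IV for the demonstration
    m1, m2, digest = one_block_dm_collision(IV)
    ct = toy_encrypt(m1, IV)
    # Key-commitment view: one ciphertext decrypts to the same plaintext under
    # two different keys.
    assert toy_decrypt(m2, ct) == IV
    print(f"keys {m1:#06x} and {m2:#06x} encrypt {IV:#06x} to {ct:#06x}")
    print(f"DM({IV:#06x}, {m1:#06x}) == DM({IV:#06x}, {m2:#06x}) == {digest:#06x}")
    # Any common suffix keeps the two messages colliding (Merkle-Damgard).
    suffix = [0xBEEF, 0xCAFE]
    assert merkle_damgard(IV, [m1] + suffix) == merkle_damgard(IV, [m2] + suffix)
```

The distinction between the two attack flavours in the abstract is only in who fixes the plaintext: with the hash IV fixed by the specification, the attacker needs a key collision on that exact plaintext (a one-block collision); if the attacker may also pick the chaining value, any target plaintext will do (semi-free-start).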

Notes

  1. https://ptolemy.berkeley.edu/projects/embedded/pubs/downloads/espresso/index.htm
  2. https://github.com/shaowei-cai-group/ParKissat-RS
  3. https://www.sagemath.org
  4. The results are shown as (semi-free-start) collision attacks on AES-128/192-DM. As described in Sect. 6.1, fixed-target-plaintext key collisions and free-target-plaintext key collisions on AES-128/192 are naturally converted into one-block collision and semi-free-start collision attacks on AES-128/192-DM, respectively.

Acknowledgements

This result is obtained from the commissioned research (JPJ012368C05801) by the National Institute of Information and Communications Technology (NICT), Japan. This work was also supported by JSPS KAKENHI Grant Number JP24H00696.

Author information

Corresponding author: Takanori Isobe.

Copyright information

© 2025 International Association for Cryptologic Research

About this paper

Cite this paper

Taiyama, K., Sakamoto, K., Ito, R., Taka, K., Isobe, T. (2025). Key Collisions on AES and Its Applications. In: Chung, KM., Sasaki, Y. (eds) Advances in Cryptology – ASIACRYPT 2024. ASIACRYPT 2024. Lecture Notes in Computer Science, vol 15490. Springer, Singapore. https://doi.org/10.1007/978-981-96-0941-3_9

  • DOI: https://doi.org/10.1007/978-981-96-0941-3_9

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-96-0940-6

  • Online ISBN: 978-981-96-0941-3
