
More accurate results on the provable security of AES against impossible differential cryptanalysis

Published in: Designs, Codes and Cryptography

Abstract

Whether there exist impossible differentials longer than the currently known ones for a block cipher is an important problem in the provable security evaluation of that cipher against impossible differential cryptanalysis. In this paper we give more accurate results on this problem for the AES. After investigating the differential properties of both the S-box and the linear layer of the AES, we prove that there are no impossible concrete differentials longer than 4 rounds for the AES, by showing that every concrete differential is possible for 5-round AES under the sole assumption that the round keys are independent and uniformly random. We use a tool, called a "(wd)-Dependent Tree (DT)", to show how any concrete differential \(\varDelta X \rightarrow \varDelta Z\) can be connected in the middle of the 5-round AES by some DTs. Our method may shed some light on bounding the length of impossible differentials for some SPN block ciphers once the differential properties of their S-boxes are taken into account.
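The abstract rests on two component properties that a reader can check directly: the difference distribution table (DDT) of the AES S-box, and the fact that the MixColumns matrix is MDS (every square submatrix is non-singular over GF(2^8), so the linear layer has branch number 5). The following Python script is an added worked example, not code from the paper: it rebuilds the S-box from its definition (field inversion plus the affine map), tabulates the DDT, and checks the MDS property. It shows that at the level of a single S-box many byte differentials are impossible (129 of the 256 output differences are unreachable for every nonzero input difference), which is exactly the obstacle the paper's DT argument has to get around for 5 rounds. Function names are my own; the constants are the ones from the AES specification.

```python
"""Differential properties of the AES S-box and the MixColumns matrix.

Added example (not the paper's code). Reconstructs the AES S-box,
computes its DDT, and checks that MixColumns is MDS over GF(2^8).
"""
from itertools import combinations

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES field polynomial


def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8) modulo the AES polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8); AES maps 0 to 0."""
    if a == 0:
        return 0
    result, base, e = 1, a, 254  # a^254 == a^-1 since the group has order 255
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def aes_sbox() -> list:
    """AES S-box: inversion in GF(2^8) followed by the fixed affine map."""
    box = []
    for x in range(256):
        y = gf_inv(x)
        s = y
        for i in range(1, 5):  # y ^ rotl(y,1) ^ rotl(y,2) ^ rotl(y,3) ^ rotl(y,4)
            s ^= ((y << i) | (y >> (8 - i))) & 0xFF
        box.append(s ^ 0x63)
    return box


def ddt(sbox: list) -> list:
    """ddt[din][dout] = number of x with S(x) ^ S(x ^ din) == dout."""
    table = [[0] * 256 for _ in range(256)]
    for x in range(256):
        for din in range(256):
            table[din][sbox[x] ^ sbox[x ^ din]] += 1
    return table


def sbox_differential_summary(table: list) -> dict:
    """Largest DDT entry and the set of per-row counts of reachable output differences."""
    max_entry = max(table[d][o] for d in range(1, 256) for o in range(256))
    reachable = {sum(1 for o in range(256) if table[d][o]) for d in range(1, 256)}
    return {"max_entry": max_entry, "reachable_outputs": reachable}


MIXCOLUMNS = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]


def gf_det(m: list) -> int:
    """Determinant over GF(2^8) by Laplace expansion (signs vanish in characteristic 2)."""
    n = len(m)
    if n == 1:
        return m[0][0]
    d = 0
    for j in range(n):
        minor = [row[:j] + row[j + 1:] for row in m[1:]]
        d ^= gf_mul(m[0][j], gf_det(minor))
    return d


def is_mds(matrix: list) -> bool:
    """A square matrix over GF(2^8) is MDS iff every square submatrix is non-singular."""
    n = len(matrix)
    for k in range(1, n + 1):
        for rows in combinations(range(n), k):
            for cols in combinations(range(n), k):
                sub = [[matrix[r][c] for c in cols] for r in rows]
                if gf_det(sub) == 0:
                    return False
    return True


if __name__ == "__main__":
    S = aes_sbox()
    summary = sbox_differential_summary(ddt(S))
    print("max DDT entry:", summary["max_entry"])
    print("reachable output differences per nonzero input difference:", summary["reachable_outputs"])
    print("MixColumns is MDS:", is_mds(MIXCOLUMNS))
```

For the AES S-box every nonzero input difference reaches exactly 127 output differences (126 with probability 2/256 and one with 4/256), so each S-box row contains 129 impossible byte differentials; the MDS check confirms the branch number 5 that the truncated-differential arguments about the linear layer rely on.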


Notes

  1. Note that we only need to consider (truncated) differentials that are non-trivial, and we take this as the default setting throughout.

  2. Note that any fixed-key cipher always has impossible differentials for an arbitrary number of rounds.

  3. Here, (*) denotes a nonzero byte.


Acknowledgements

We would like to thank the anonymous reviewers for their comments on this paper, which greatly simplified the proof of Lemma 1 and improved the paper, and which gave us guidance on the impact of the key schedule.

Corresponding author

Correspondence to Qian Wang.


Communicated by C. Carlet.

This work was supported by National Natural Science Foundation of China (Grant Nos. 61272488, 61402523, 61772547, 61802438 and 61602514).

Cite this article

Wang, Q., Jin, C. More accurate results on the provable security of AES against impossible differential cryptanalysis. Des. Codes Cryptogr. 87, 3001–3018 (2019). https://doi.org/10.1007/s10623-019-00660-7
