Structural Evaluation of AES and Chosen-Key Distinguisher of 9-round AES-128

Pierre-Alain Fouque 1 Jérémy Jean 2 Thomas Peyrin 3
2 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique de l'École normale supérieure, Inria Paris-Rocquencourt, CNRS - Centre National de la Recherche Scientifique : UMR 8548
Abstract : While the symmetric-key cryptography community has now a good experience on how to build a secure and efficient fixed permutation, it remains an open problem how to design a key-schedule for block ciphers, as shown by the numerous candidates broken in the related-key model or in a hash function setting. Provable security against differential and linear cryptanalysis in the related-key scenario is an important step towards a better understanding of its construction. Using a structural analysis, we show that the full AES-128 cannot be proven secure unless the exact coefficients of the MDS matrix and the S-Box differential properties are taken into account since its structure is vulnerable to a related-key differential attack. We then exhibit a chosen-key distinguisher for AES-128 reduced to 9 rounds, which solves an open problem of the symmetric community. We obtain these results by revisiting algorithmic theory and graph-based ideas to compute all the best differential characteristics in SPN ciphers, with a special focus on AES-like ciphers subject to related-keys. We use a variant of Dijkstra's algorithm to efficiently find the most efficient related-key attacks on SPN ciphers with an algorithm linear in the number of rounds.
Type de document :
Communication dans un congrès
CRYPTO 2013, Aug 2013, Santa Barbara, United States. 2013
Liste complète des métadonnées

Littérature citée [26 références]  Voir  Masquer  Télécharger
Contributeur : Jérémy Jean <>
Soumis le : lundi 7 octobre 2013 - 12:56:59
Dernière modification le : jeudi 11 janvier 2018 - 06:22:10
Document(s) archivé(s) le : vendredi 7 avril 2017 - 07:52:47


Fichiers produits par l'(les) auteur(s)


  • HAL Id : hal-00870453, version 1



Pierre-Alain Fouque, Jérémy Jean, Thomas Peyrin. Structural Evaluation of AES and Chosen-Key Distinguisher of 9-round AES-128. CRYPTO 2013, Aug 2013, Santa Barbara, United States. 2013. 〈hal-00870453〉



Consultations de la notice


Téléchargements de fichiers