International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Extended Truncated-differential Distinguishers on Round-reduced AES

Authors:
Zhenzhen Bao , Division of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore, Singapore
Jian Guo , Division of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore, Singapore
Eik List , Bauhaus-Universität Weimar, Weimar, Germany
Download:
DOI: 10.13154/tosc.v2020.i3.197-261
URL: https://tosc.iacr.org/index.php/ToSC/article/view/8701
Search ePrint
Search Google
Abstract: Distinguishers on round-reduced AES have attracted considerable attention in the recent years. While the number of rounds covered in key-recovery attacks did not increase, subspace, yoyo, mixture-differential, and multiple-of-n cryptanalysis advanced the understanding of the properties of the cipher.For substitution-permutation networks, integral attacks are a suitable target for extension since they usually end after a linear layer sums several subcomponents. Based on results by Patarin, Chen et al. already observed that the expected number of collisions for a sum of permutations differs slightly from that for a random primitive. Though, their target remained lightweight primitives.The present work illustrates how the well-known integral distinguisher on three-round AES resembles a sum of PRPs and can be extended to truncated-differential distinguishers over 4 and 5 rounds. In contrast to previous distinguishers by Grassi et al., our approach allows to prepend a round that starts from a diagonal subspace. We demonstrate how the prepended round can be used for key recovery with a new differential key-recovery attack on six-round AES. Moreover, we show how the prepended round can also be integrated to form a six-round distinguisher. For all distinguishers and the key-recovery attack, our results are supported by implementations with Cid et al.’s established Small-AES version. While the distinguishers do not threaten the security of the AES, they try to shed more light on its properties.
Video from TOSC 2020
BibTeX
@article{tosc-2020-30569,
  title={Extended Truncated-differential Distinguishers on Round-reduced AES},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2020, Issue 3},
  pages={197-261},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/8701},
  doi={10.13154/tosc.v2020.i3.197-261},
  author={Zhenzhen Bao and Jian Guo and Eik List},
  year=2020
}