CryptoDB
Chosen-Key Distinguishing Attacks on Full AES-192, AES-256, Kiasu-BC, and More
| Authors: | |
|---|---|
| Download: | |
| Abstract: | At CRYPTO 2020, Liu et al. demonstrated that many differentials on Gimli are, in fact, incompatible. Similar incompatibilities also arise in relatedkey differentials on AES, which are typically addressed in an ad-hoc manner by incorporating additional constraints into the searching models. However, such ad-hoc methods are insufficient to eliminate all incompatibilities and may still produce false positive related-key differentials. At CRYPTO 2022, a novel approach was introduced that combines a Constraint Programming (CP) tool with a triangulation algorithm to search for rebound attacks against AES-like hashings. In this paper, we extend and unify these techniques to develop a comprehensive related-key differential search model. Our model not only identifies valid related-key differentials for AES and similar ciphers, but also enables immediate verification of the existence of at least one key pair satisfying the differentials. Using this enhanced automatic tool, we discover new related-key differentials for full-round AES-192, AES-256, Kiasu-BC, and for roundreduced Deoxys-BC. Based on these findings, we present full-round limited-birthday chosen-key distinguishing attacks on AES-192, AES-256, and Kiasu-BC, as well as the first chosen-key distinguisher on reduced-round Deoxys-BC. Furthermore, we identify, for the first time, a limited-birthday distinguisher on 9-round Kiasu-BC with practical complexities. |
BibTeX
@article{tosc-2025-36290,
title={Chosen-Key Distinguishing Attacks on Full AES-192, AES-256, Kiasu-BC, and More},
journal={IACR Transactions on Symmetric Cryptology},
publisher={Ruhr-Universität Bochum},
volume={2025},
pages={400-443},
url={https://tosc.iacr.org/index.php/ToSC/article/view/12475},
doi={10.46586/tosc.v2025.i3.400-443},
author={Xiaoyang Dong and Jian Guo and Shun Li and Phuong Pham},
year=2025
}