IACR News item: 10 June 2013
Pierre-Alain Fouque, Jérémy Jean, Thomas Peyrin
ePrint Report
experience on how to build a secure and efficient fixed permutation,
it remains an open problem how to design a key-schedule for block
ciphers, as shown by the numerous candidates broken in the related-key
model or in a hash function setting. Provable security against
differential and linear cryptanalysis in the related-key scenario is
an important step towards a better understanding of its construction.
Using a structural analysis, we show that the full AES-128 cannot be
proven secure unless the exact coefficients of the MDS matrix and the
S-Box differential properties are taken into account since its
structure is vulnerable to a related-key differential attack. We then
exhibit a chosen-key distinguisher for AES-128 reduced to 9 rounds,
which solves an open problem of the symmetric community. We obtain
these results by revisiting algorithmic theory and graph-based ideas
to compute all the best differential characteristics in SPN ciphers,
with a special focus on AES-like ciphers subject to related-keys. We
use a variant of Dijkstra's algorithm to efficiently find the most
efficient related-key attacks on SPN ciphers with an algorithm linear
in the number of rounds.
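The graph-based search the abstract describes can be illustrated on a toy structure. The following is an added example, not code from the paper or its authors: it models one 4-word column of an AES-like SPN at the truncated (word-activity) level, where the only structural fact used about the MDS layer is its branch number of 5, exactly the kind of structural model the abstract says is insufficient on its own to prove the full cipher secure, since the actual MDS coefficients and S-box difference tables are not taken into account. Nodes are (round, activity pattern) pairs, edge weights count active S-boxes, and a Dijkstra-style search over this layered graph finds the cheapest characteristic in time linear in the number of rounds (a constant number of nodes per layer). The 4-word model, the branch-number rule and the single-key setting are assumptions of this example; the paper's related-key extension (key-schedule differences that can cancel state differences) is not modelled.

```python
"""Minimum number of active S-boxes in a toy word-oriented SPN, found by a
layered Dijkstra search (added example; not the paper's own code).

Constructed model:
  * state = 4 words; a round = word-wise S-box layer, then a 4x4 MDS matrix
    with branch number 5 (as AES MixColumns acts on one column);
  * a truncated differential is a 4-bit activity pattern saying which words
    carry a non-zero difference; the S-box layer keeps the pattern and costs
    one active S-box per active word; the MDS layer may map an input pattern
    of weight w_in to any non-zero output pattern of weight w_out as long as
    w_in + w_out >= 5, which is the only constraint the MDS property imposes.
Every edge goes from round i to round i+1, so the graph is layered and the
search touches at most 15 nodes per round: linear in the round count.
"""
import heapq

WORDS = 4          # assumption: one 4-word column
BRANCH = 5         # branch number of a 4x4 MDS matrix


def weight(pattern):
    """Number of active words in an activity pattern (bit i = word i)."""
    return bin(pattern).count("1")


def mds_successors(p_in):
    """Activity patterns reachable through the MDS layer from p_in."""
    if p_in == 0:
        return [0]
    return [q for q in range(1, 1 << WORDS)
            if weight(p_in) + weight(q) >= BRANCH]


def min_active_sboxes(rounds, successors=mds_successors):
    """Return (cost, patterns) for the cheapest `rounds`-round truncated
    characteristic; cost is the total number of active S-boxes."""
    # heap entries: (cost so far, round index, pattern, path of patterns)
    heap = [(weight(p), 1, p, (p,)) for p in range(1, 1 << WORDS)]
    heapq.heapify(heap)
    best = {}                      # (round, pattern) -> best known cost
    while heap:
        cost, r, p, path = heapq.heappop(heap)
        if best.get((r, p), float("inf")) < cost:
            continue               # stale entry, a cheaper route was found
        if r == rounds:
            # Dijkstra pops in non-decreasing cost, so the first node of the
            # last layer to come out is optimal over the whole layer.
            return cost, list(path)
        for q in successors(p):
            new_cost = cost + weight(q)
            if new_cost < best.get((r + 1, q), float("inf")):
                best[(r + 1, q)] = new_cost
                heapq.heappush(heap, (new_cost, r + 1, q, path + (q,)))
    raise ValueError("no characteristic found")


def is_valid_characteristic(patterns):
    """Check that consecutive patterns respect the branch-number rule."""
    return all(p != 0 for p in patterns) and all(
        weight(a) + weight(b) >= BRANCH for a, b in zip(patterns, patterns[1:]))


if __name__ == "__main__":
    for r in range(1, 7):
        cost, path = min_active_sboxes(r)
        print(r, "rounds:", cost, "active S-boxes, patterns",
              [format(p, "04b") for p in path])
```

For this model the search recovers the familiar bound of 5 active S-boxes per two rounds (1, 5, 6, 10, 11, ... for 1 to 6 rounds). Replacing `mds_successors` with a transition function for a different linear layer (or adding a key-difference layer, as the paper does for the related-key setting) reuses the same search unchanged.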