Higher-Order Mixture Differentials for AES-Based Block Ciphers and Applications to TweAES

Published: 17 September 2024

Abstract

In ToSC 2/2018, Grassi introduced mixture differentials for the AES. A mixture takes a pair of texts and derives a second pair by mixing parts of the first one. The conditional probability that the second pair follows a certain (truncated) differential is then strongly influenced by that of the first pair. Mixtures found various follow-up applications in attacks, leading to Bar-On et al.'s fastest key-recovery attacks on 5-round AES, to the fastest boomerangs on up to 6-round AES, and to Bardeh and Rønjom's 6-round distinguisher. However, mixtures are not limited to the AES. Among the recent proposals of AES-based ciphers, TweAES augments the AES by a tiny tweak that is expanded with a simple code and added to the first two rows. Inspired by the observation that the tweak-expansion code of TweAES effectively thwarts tweak-induced mixtures, we propose higher-order mixtures as a generalization. To demonstrate their applicability, we describe a 6-round distinguisher and a 7-round key-recovery attack on TweAES.

References

[1]
Avanzi, R.: The QARMA block cipher family. Almost MDS matrices over rings with zero divisors, nearly symmetric Even-Mansour constructions with non-involutory central rounds, and search heuristics for low-latency S-boxes. IACR Trans. Symmetric Cryptology 2017(1), 4–44 (2017).
[2]
Avanzi, R., et al.: The QARMAv2 family of tweakable block ciphers. IACR Trans. Symmetric Cryptology 2023(3), 25–73 (2023).
[3]
Bar-On, A., Dunkelman, O., Keller, N., Ronen, E., Shamir, A.: Improved key recovery attacks on reduced-round AES with practical data and memory complexities. In: Shacham, H., Boldyreva, A. (eds.) Advances in Cryptology – CRYPTO 2018, pp. 185–212. Springer, Cham (2018).
[4]
Bardeh, N.G., Rijmen, V.: New key-recovery attack on reduced-round AES. IACR Trans. Symmetric Cryptology 2022(2), 43–62 (2022).
[5]
Bardeh, N.G., Rønjom, S.: Practical attacks on reduced-round AES. In: Buchmann, J., Nitaj, A., Rachidi, T. (eds.) Progress in Cryptology – AFRICACRYPT 2019, pp. 297–310. Springer, Cham (2019).
[6]
Bardeh, N.G., Rønjom, S.: The exchange attack: how to distinguish six rounds of AES with 2^88.2 chosen plaintexts. In: Galbraith, S.D., Moriai, S. (eds.) Advances in Cryptology – ASIACRYPT 2019, pp. 347–370. Springer, Cham (2019).
[7]
Beierle, C., Jean, J., Kölbl, S., Leander, G., Moradi, A., Peyrin, T., Sasaki, Y., Sasdrich, P., Sim, S.M.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) Advances in Cryptology – CRYPTO 2016, pp. 123–153. Springer, Heidelberg (2016).
[8]
Beierle, C., Leander, G., Moradi, A., Rasoolzadeh, S.: CRAFT: lightweight tweakable block cipher with efficient protection against DFA attacks. IACR Trans. Symmetric Cryptology 2019(1), 5–45 (2019).
[9]
Boura, C., Canteaut, A., Coggia, D.: A general proof framework for recent AES distinguishers. IACR Trans. Symmetric Cryptology 2019(1), 170–191 (2019).
[10]
Chakraborti, A., Datta, N., Jha, A., Mancillas-López, C., Nandi, M., Sasaki, Y.: Elastic-tweak: a framework for short tweak tweakable block cipher. IACR Cryptology ePrint Archive 2019, 440 (2019).
[11]
Chakraborti, A., Datta, N., Jha, A., Mancillas-López, C., Nandi, M., Sasaki, Y.: ESTATE: a lightweight and low energy authenticated encryption mode. IACR Trans. Symmetric Cryptology 2020(S1), 350–389 (2020).
[12]
Chakraborti, A., Datta, N., Jha, A., Mancillas-López, C., Nandi, M., Sasaki, Y.: Elastic-tweak: a framework for short tweak tweakable block cipher. In: Adhikari, A., Küsters, R., Preneel, B. (eds.) Progress in Cryptology – INDOCRYPT 2021, pp. 114–137. Springer, Cham (2021).
[13]
Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer (2002).
[14]
Dobraunig, C., Eichlseder, M., Mendel, F.: Square attack on 7-round Kiasu-BC. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) Applied Cryptography and Network Security 2016, pp. 500–517. Springer, Cham (2016).
[15]
Dobraunig, C., List, E.: Impossible-differential and boomerang cryptanalysis of round-reduced Kiasu-BC. In: Handschuh, H. (ed.) Topics in Cryptology – CT-RSA 2017, pp. 207–222. Springer, Cham (2017).
[16]
Dunkelman, O., Keller, N., Ronen, E., Shamir, A.: The retracing boomerang attack. In: Canteaut, A., Ishai, Y. (eds.) Advances in Cryptology – EUROCRYPT 2020, pp. 280–309. Springer, Cham (2020).
[17]
Grassi, L.: MixColumns properties and attacks on (round-reduced) AES with a single secret S-Box. In: Smart, N.P. (ed.) Topics in Cryptology – CT-RSA 2018, pp. 243–263. Springer, Cham (2018).
[18]
Grassi, L.: Mixture differential cryptanalysis: a new approach to distinguishers and attacks on round-reduced AES. IACR Trans. Symmetric Cryptology 2018(2), 133–160 (2018).
[19]
Grassi, L., Rechberger, C.: Truncated differential properties of the diagonal set of inputs for 5-round AES. In: Nguyen, K., Yang, G., Guo, F., Susilo, W. (eds.) ACISP. Lecture Notes in Computer Science, vol. 13494, pp. 24–45. Springer, Cham (2022).
[20]
Grassi, L., Rechberger, C., Rønjom, S.: A new structural-differential property of 5-round AES. In: Coron, J., Nielsen, J.B. (eds.) EUROCRYPT II. Lecture Notes in Computer Science, vol. 10211, pp. 289–317 (2017).
[21]
Grassi, L., Rechberger, C., Rønjom, S.: Subspace trail cryptanalysis and its applications to AES. IACR Trans. Symmetric Cryptology 2016(2), 192–225 (2017).
[22]
Jean, J., Nikolić, I., Peyrin, T.: Tweaks and keys for block ciphers: the TWEAKEY framework. In: Sarkar, P., Iwata, T. (eds.) Advances in Cryptology – ASIACRYPT 2014, pp. 274–288. Springer, Heidelberg (2014).
[23]
Jiang, Z., Jin, C.: Related-tweak multiple impossible differential attack for TweAES. J. Electron. Inf. Technol. 45(1), 344–352 (2023).
[24]
Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 2442, pp. 31–46. Springer (2002).
[25]
Liu, Y., et al.: Improved meet-in-the-middle attacks on reduced-round Kiasu-BC and Joltik-BC. Comput. J. 62(12), 1761–1776 (2019).
[26]
Mitzenmacher, M., Upfal, E.: Probability and Computing: Randomized Algorithms and Probabilistic Analysis. Cambridge University Press (2005).
[27]
National Institute of Standards and Technology: FIPS 197, pp. 1–51. National Institute of Standards and Technology (2001).
[28]
Niu, C., Li, M., Wang, M., Wang, Q., Yiu, S.-M.: Related-tweak impossible differential cryptanalysis of reduced-round TweAES. In: AlTawy, R., Hülsing, A. (eds.) Selected Areas in Cryptography, pp. 223–245. Springer, Cham (2022).
[29]
Qiao, K.: Quadruple differential distinguishers and an automatic searching tool. TechRxiv (2022).
[30]
Qiao, K., Cheng, J., Ou, C.: A new mixture differential cryptanalysis on round-reduced AES. Mathematics 10(24), 4736 (2022).
[31]
Qiao, K., Zhang, Z., Niu, Z., Zhu, L.: The exchange attack and the mixture differential attack revisited: from the perspective of automatic evaluation. Chin. J. Electron. 33(1), 19–29 (2024).
[32]
Rønjom, S., Bardeh, N.G., Helleseth, T.: Yoyo tricks with AES. In: Takagi, T., Peyrin, T. (eds.) Advances in Cryptology – ASIACRYPT 2017, pp. 217–243. Springer, Cham (2017).
[33]
Sakamoto, K., et al.: Tweakable TWINE: building a tweakable block cipher on generalized Feistel structure. In: Attrapadung, N., Yagi, T., et al. (eds.) Advances in Information and Computer Security 2019, pp. 129–145. Springer, Cham (2019).
[34]
Tolba, M., Abdelkhalek, A., Youssef, A.M.: A meet in the middle attack on reduced round Kiasu-BC. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 99-A(10), 1888–1890 (2016).
[35]
Xie, X., Tian, T.: Structural evaluation of AES-like ciphers against mixture differential cryptanalysis. Des. Codes Crypt. 91(12), 3881–3899 (2023).

Published In

Advances in Information and Computer Security: 19th International Workshop on Security, IWSEC 2024, Kyoto, Japan, September 17–19, 2024, Proceedings
Sep 2024
309 pages
ISBN: 978-981-97-7736-5
DOI: 10.1007/978-981-97-7737-2

Publisher

Springer-Verlag

Berlin, Heidelberg

Author Tags

  1. Secret-key cryptography
  2. Differential cryptanalysis
  3. AES
