Paper 2012/415

Revisiting Key Schedule's Diffusion In Relation With Round Function's Diffusion

Jialin Huang and Xuejia Lai

Abstract

We study the weakness of key schedules starting from an observation: many existing attacks use the fact that key schedules poorly distribute key bits in the diffusion path of the round function. This reminds us of the importance of the relation between the diffusion of the key schedule and that of the round function. We present new cryptanalysis results by exploring this diffusion relation and propose a new criterion for necessary key schedule diffusion. We discuss potential attacks and summarize the causes for key schedules not satisfying this criterion. One major cause is that overlap between the diffusion of the key schedule and the round function leads to information leakage of key bits. Finally, a measure to estimate our criterion for recursive key schedules is presented. Today, key schedule design still lacks practical and necessary principles. For a practical key schedule with limited diffusion, our work adds more insight into its requirements and helps to maximize the security level.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown status
Keywords
key schedule, meet-in-the-middle, block cipher, SHACAL-2, XTEA
Contact author(s)
jlhuang cn @ gmail com
History
2016-02-12: revised
2012-08-01: received
Short URL
https://ia.cr/2012/415
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/415,
      author = {Jialin Huang and Xuejia Lai},
      title = {Revisiting Key Schedule's Diffusion In Relation With Round Function's Diffusion},
      howpublished = {Cryptology ePrint Archive, Paper 2012/415},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/415}},
      url = {https://eprint.iacr.org/2012/415}
}