Paper 2017/1200

MixColumns Properties and Attacks on (round-reduced) AES with a Single Secret S-Box

Lorenzo Grassi

Abstract

In this paper, we present new key-recovery attacks on AES with a single secret S-Box. Several attacks for this model have been proposed in the literature, the most recent ones at Crypto'16 and FSE'17. Both of these attacks exploit a particular property of the MixColumns matrix to recover the secret key. In this work, we show that the same attacks work by exploiting a weaker property of the MixColumns matrix. As a first result, this (largely) increases the number of MixColumns matrices for which it is possible to set up all these attacks. As a second result, we present new attacks on 5-round AES with a single secret S-Box that exploit the new multiple-of-n property recently proposed at Eurocrypt'17. This property is based on the fact that, when a particular set of plaintexts is chosen, the number of pairs of ciphertexts that lie in a particular subspace is a multiple of n.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Major revision. CT-RSA 2018
Keywords
AES, MixColumns, key-recovery attack, secret S-Box
Contact author(s)
lorenzo grassi @ iaik tugraz at
History
2018-01-08: revised
2017-12-18: received
Short URL
https://ia.cr/2017/1200
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/1200,
      author = {Lorenzo Grassi},
      title = {MixColumns Properties and Attacks on (round-reduced) AES with a Single Secret S-Box},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1200},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/1200}},
      url = {https://eprint.iacr.org/2017/1200}
}