Version 20171115:141007 of this paper.

Paper 2017/832

New Approaches for Distinguishers and Attacks on round-reduced AES

Lorenzo Grassi

Abstract

At Eurocrypt 2017 the first secret-key distinguisher for 5-round AES was presented. Although it distinguishes a random permutation from an AES-like one, it seems rather hard to exploit such a distinguisher to mount a key-recovery attack that does better than brute force. In this paper, we propose new secret-key distinguishers for 4 and 5 rounds of AES that exploit properties which are independent of the secret key and of the details of the S-Box. While the 4-round distinguisher exploits, in a different way, the same property presented at Eurocrypt 2017, the new 5-round distinguishers are obtained by combining our new 4-round distinguisher with a modified version of a truncated differential distinguisher. As a result, while a "classical" truncated differential distinguisher exploits the probability that a pair of texts satisfies a given differential trail independently of the other pairs, our distinguishers work with sets of N >> 1 (related) pairs of texts. In particular, our new 5-round AES distinguishers exploit the fact that such sets of texts satisfy certain properties with a different probability than for a random permutation. Even though these 5-round distinguishers have higher complexity than the one already in the literature, one of them can be used as the starting point for the first key-recovery attack on 6-round AES that directly exploits a 5-round secret-key distinguisher. The goal of this paper is indeed to present and explore new approaches, showing that even a distinguisher like the one presented at Eurocrypt, believed to be hard to exploit, can be used to set up a key-recovery attack.

Note:
- New proof of the proposed distinguishers using the super-Sbox notation
- 2 new secret-key distinguishers for 5-round AES which are independent of the secret key
- Re-organization of the paper (attacks on AES with a single secret S-Box moved to a different paper)
- New practical results

Metadata

Available format(s): PDF
Publication info: Preprint. MINOR revision.
Contact author(s): lorenzo grassi @ iaik tugraz at
History:
- 2019-07-01: last of 6 revisions
- 2017-08-31: received
Short URL: https://ia.cr/2017/832
License: Creative Commons Attribution (CC BY)