Cryptology ePrint Archive: Report 2018/726
Towards Key-Dependent Integral and Impossible Differential Distinguishers on 5-Round AES
Kai Hu and Tingting Cui and Chao Gao and Meiqin Wang
Abstract: Reduced-round AES has been a popular underlying primitive to design new cryptographic schemes and thus its security including distinguishing properties deserves more attention.
At Crypto'16, a key-dependent integral distinguisher on 5-round AES was put forward, which opened up a new direction to take more insights into the distinguishing properties of AES.
After that, two key-dependent impossible differential (ID) distinguishers on 5-round AES were proposed at FSE'16 and CT-RSA'18, respectively.
It is strange that the current key-dependent integral distinguisher requires significantly higher complexities than the key-dependent ID distinguishers, even though they are constructed with the same property of MixColumns ($2^{128} \gg 2^{98.2}$).
Proposers of the 5-round key-dependent distinguishers claimed that the corresponding integral and ID distinguishers can only work under chosen-ciphertext and chosen-plaintext settings, respectively, which is very different from the situations of traditional key-independent distinguishers.
In this paper, we first construct a novel key-dependent integral distinguisher on 5-round AES with $2^{96}$ chosen plaintexts, which is much better than the previous key-dependent integral distinguisher that requires the full codebook proposed at Crypto'16.
Secondly,
we show that both distinguishers are valid under either chosen-plaintext setting or chosen-ciphertext setting, which is different from the claims of previous cryptanalysis.
However, under different settings, complexities of key-dependent integral distinguishers are very different while those of the key-dependent ID distinguishers are almost the same.
We analyze the reasons for it.
Category / Keywords: secret-key cryptography / AES, Key-Dependent, Integral, Impossible Differential
Original Publication (in the same form): SAC 2018
Date: received 5 Aug 2018
Contact author: mqwang at sdu edu cn
Available format(s): PDF | BibTeX Citation
Version: 20180809:150133 (All versions of this report)
Short URL: ia.cr/2018/726
[ Cryptology ePrint archive ]