Paper 2019/095

Variants of the AES Key Schedule for Better Truncated Differential Bounds

Patrick Derbez, Pierre-Alain Fouque, Jérémy Jean, and Baptiste Lambin

Abstract

Differential attacks are one of the main ways to attack block ciphers. Hence, we need to evaluate the security of a given block cipher against these attacks. One way to do so is to determine the minimal number of active S-boxes, and use this number along with the maximal differential probability of the S-box to determine the minimal probability of any differential characteristic. Thus, if one wants to build a new block cipher, one should try to maximize the minimal number of active S-boxes. On the other hand, the related-key security model is now quite important, hence, we also need to study the security of block ciphers in this model. In this work, we search how one could design a key schedule to maximize the number of active S-boxes in the related-key model. However, we also want this key schedule to be efficient, and therefore choose to only consider permutations. Our target is AES, and along with a few generic results about the best reachable bounds, we found a permutation to replace the original key schedule that reaches a minimal number of active S-boxes of 20 over 6 rounds, while no differential characteristic with a probability larger than $2^{-128}$ exists. We also describe an algorithm which helped us to show that there is no permutation that can reach 18 or more active S-boxes in 5 rounds. Finally, we give several pairs $(P_s, P_k)$, replacing respectively the ShiftRows operation and the key schedule of the AES, reaching a minimum of 21 active S-boxes over 6 rounds, while again, there is no differential characteristic with a probability larger than $2^{-128}$.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. SAC 2018
DOI
10.1007/978-3-030-10970-7_2
Contact author(s)
baptiste lambin @ irisa fr
History
2019-01-31: received
Short URL
https://ia.cr/2019/095
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/095,
      author = {Patrick Derbez and Pierre-Alain Fouque and Jérémy Jean and Baptiste Lambin},
      title = {Variants of the AES Key Schedule for Better Truncated Differential Bounds},
      howpublished = {Cryptology ePrint Archive, Paper 2019/095},
      year = {2019},
      doi = {10.1007/978-3-030-10970-7_2},
      note = {\url{https://eprint.iacr.org/2019/095}},
      url = {https://eprint.iacr.org/2019/095}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.