Cryptology ePrint Archive: Report 2020/546

MixColumns Coefficient Property and Security of the AES with A Secret S-Box

Xin An and Kai Hu and Meiqin Wang

Abstract: The MixColumns operation is an important component providing diffusion for the AES. The branch number of it ensures that any continuous four rounds of the AES have at least 25 active S-Boxes, which makes the AES secure against the differential and linear cryptanalysis. However, the choices of the coefficients of the MixColumns matrix may undermine the AES security against some novel-type attacks. A particular property of the AES MixColumns matrix coefficient has been noticed in recent papers that \emph{each row or column of the matrix has elements that sum to zero}. Several attacks have been developed taking advantage of the coefficient property.

In this paper we investigate further the influence of the specific coefficient property on the AES security. Our target, which is also one of the targets of the previous works, is a 5-round AES variant with a secret S-Box. We will show how we take advantage of the coefficient property to extract the secret key directly without any assistance of the S-Box information. Compared with the previous similar attacks, the present attacks here are the best in terms of the complexity under the chosen-plaintext scenario.

Category / Keywords: secret-key cryptography / AES, MixColumns, Exchange Attack, Key Recovery Attack, Secret S-Box

Original Publication (in the same form): Africacrypt 2020

Date: received 10 May 2020, last revised 10 May 2020

Contact author: anxin19 at mail sdu edu cn,hukai@mail sdu edu cn,mqwang@sdu edu cn

Available format(s): PDF | BibTeX Citation

Version: 20200515:094422 (All versions of this report)

Short URL: ia.cr/2020/546


[ Cryptology ePrint archive ]