Paper 2020/546

MixColumns Coefficient Property and Security of the AES with A Secret S-Box

Xin An, Kai Hu, and Meiqin Wang

Abstract

The MixColumns operation is an important component providing diffusion for the AES. Its branch number ensures that any four consecutive rounds of the AES have at least 25 active S-Boxes, which makes the AES secure against differential and linear cryptanalysis. However, the choice of the coefficients of the MixColumns matrix may undermine the security of the AES against some novel types of attack. A particular property of the AES MixColumns matrix coefficients has been noticed in recent papers: each row or column of the matrix has elements that sum to zero. Several attacks have been developed taking advantage of this coefficient property. In this paper we investigate further the influence of this specific coefficient property on the security of the AES. Our target, which is also one of the targets of the previous works, is a 5-round AES variant with a secret S-Box. We show how the coefficient property can be used to extract the secret key directly, without any assistance from knowledge of the S-Box. Compared with the previous similar attacks, the attacks presented here are the best in terms of complexity under the chosen-plaintext scenario.
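The coefficient property mentioned in the abstract is easy to verify by hand, and the example below does so in code. It is an added illustration, not code from the paper or its authors: it implements GF(2^8) multiplication with the AES reduction polynomial, searches each row and column of the AES MixColumns matrix for subsets of coefficients whose XOR is zero (for example the two 1s in (2, 3, 1, 1), or 2 + 3 + 1 = 0), and then shows the linear consequence of such a subset: when the input bytes at those positions are all equal, that output byte of MixColumns no longer depends on the shared value. The function and variable names, and the fixed filler bytes in `others`, are constructed for this example; the matrix and field polynomial are the standard AES ones.

```python
# Added example (not from the paper): the zero-sum coefficient property of AES MixColumns.
from itertools import combinations

# AES field GF(2^8) with reduction polynomial x^8 + x^4 + x^3 + x + 1 (0x11B).
def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) as defined in FIPS-197."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B  # reduce modulo the AES polynomial
        b >>= 1
    return p

# The AES MixColumns matrix (circulant over 2, 3, 1, 1).
MC = [
    [2, 3, 1, 1],
    [1, 2, 3, 1],
    [1, 1, 2, 3],
    [3, 1, 1, 2],
]

def mix_column(col):
    """Apply MixColumns to one 4-byte column, returning the 4 output bytes."""
    out = []
    for r in range(4):
        acc = 0
        for c in range(4):
            acc ^= gf_mul(MC[r][c], col[c])
        out.append(acc)
    return out

def zero_sum_subsets(coeffs):
    """Return the index subsets (size >= 2) of `coeffs` whose XOR is zero."""
    found = []
    for size in range(2, len(coeffs) + 1):
        for idx in combinations(range(len(coeffs)), size):
            total = 0
            for i in idx:
                total ^= coeffs[i]
            if total == 0:
                found.append(idx)
    return found

def rows_and_columns_have_zero_sum_subsets(m=MC):
    """True if every row and every column of the matrix has at least one zero-sum subset."""
    rows = all(zero_sum_subsets(m[r]) for r in range(4))
    cols = all(zero_sum_subsets([m[r][c] for r in range(4)]) for c in range(4))
    return rows and cols

def byte_independent_of_shared_value(r, positions, others=(0x5A, 0xC3, 0x17, 0x88)):
    """True if output byte r of MixColumns takes one value for every byte `a`
    placed at all of `positions`, with the remaining positions fixed to `others`
    (constructed filler values). By linearity this holds exactly when the
    coefficients at `positions` in row r XOR to zero."""
    seen = set()
    for a in range(256):
        col = [a if i in positions else others[i] for i in range(4)]
        seen.add(mix_column(col)[r])
    return len(seen) == 1

if __name__ == "__main__":
    for r in range(4):
        print("row", r, MC[r], "zero-sum position subsets:", zero_sum_subsets(MC[r]))
    print("output byte 0 independent of a at positions (2,3):",
          byte_independent_of_shared_value(0, (2, 3)))
    print("output byte 0 independent of a at positions (0,1):",
          byte_independent_of_shared_value(0, (0, 1)))
```

Running the block prints, for each row, the subsets {2,3}, {0,1,2} and {0,1,3} (rotated for the other rows), and confirms that output byte 0 is constant when the last two input bytes are equal but varies when only the first two are. This is the structural fact that the abstract refers to; the paper's attack builds on it, but the block above only exhibits the property itself.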

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Africacrypt 2020
Keywords
AES, MixColumns, Exchange Attack, Key Recovery Attack, Secret S-Box
Contact author(s)
anxin19 @ mail sdu edu cn
hukai @ mail sdu edu cn
mqwang @ sdu edu cn
History
2020-05-15: received
Short URL
https://ia.cr/2020/546
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/546,
      author = {Xin An and Kai Hu and Meiqin Wang},
      title = {{MixColumns} Coefficient Property and Security of the {AES} with A Secret S-Box},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/546},
      year = {2020},
      url = {https://eprint.iacr.org/2020/546}
}