Paper 2024/1447

Generic Differential Key Recovery Attacks and Beyond

Ling Song, College of Cyber Security, Jinan University, Guangzhou, China
Huimin Liu, College of Cyber Security, Jinan University, Guangzhou, China
Qianqian Yang, Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
Yincen Chen, College of Cyber Security, Jinan University, Guangzhou, China
Lei Hu, Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
Jian Weng, College of Cyber Security, Jinan University, Guangzhou, China
Abstract

At Asiacrypt 2022, a holistic key guessing strategy was proposed to yield the most efficient key recovery for the rectangle attack. Recently, at Crypto 2023, a new cryptanalysis technique--the differential meet-in-the-middle (MITM) attack--was introduced. Inspired by these two previous works, we present three generic key recovery attacks in this paper. First, we extend the holistic key guessing strategy from the rectangle to the differential attack, proposing the generic classical differential attack (GCDA). Next, we combine the holistic key guessing strategy with the differential MITM attack, resulting in the generalized differential MITM attack (GDMA). Finally, we apply the MITM technique to the rectangle attack, creating the generic rectangle MITM attack (GRMA). In terms of applications, we improve 12/13-round attacks on AES-256. For 12-round AES-256, by using the GDMA, we reduce the time complexity by a factor of $2^{62}$; by employing the GCDA, we reduce both the time and memory complexities by factors of $2^{61}$ and $2^{56}$, respectively. For 13-round AES-256, we present a new differential attack with data and time complexities of $2^{89}$ and $2^{240}$, where the data complexity is $2^{37}$ times lower than previously published results. These are currently the best attacks on AES-256 using only two related keys. For KATAN-32, we increase the number of rounds covered by the differential attack from 115 to 151 in the single-key setting using the basic differential MITM attack (BDMA) and GDMA. Furthermore, we achieve the first 38-round rectangle attack on SKINNYe-64-256 by using the GRMA.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A major revision of an IACR publication in ASIACRYPT 2024
Keywords
Differential cryptanalysis, Rectangle attack, Meet-in-the-middle, Key recovery, AES, KATAN, SKINNYe
Contact author(s)
songling qs @ gmail com
liuhuimin301 @ gmail com
yangqianqian @ iie ac cn
icsnow98 @ gmail com
hulei @ iie ac cn
cryptjweng @ gmail com
History
2024-09-18: approved
2024-09-17: received
Short URL
https://ia.cr/2024/1447
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1447,
      author = {Ling Song and Huimin Liu and Qianqian Yang and Yincen Chen and Lei Hu and Jian Weng},
      title = {Generic Differential Key Recovery Attacks and Beyond},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1447},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1447}
}