Bicliques with Minimal Data and Time Complexity for AES
Andrey Bogdanov, Donghoon Chang, Mohona Ghosh, Somitra Kumar Sanadhya +3 more
- pp 160-174
TLDR
In this article, the authors exhaustively analyze the most promising class of biclique cryptanalysis as applied to AES through a computer-assisted search and find optimal attacks towards lowest computational and data complexities.
Abstract:
In this paper, we re-evaluate the security bound of full round AES against biclique attack. Under some reasonable restrictions, we exhaustively analyze the most promising class of biclique cryptanalysis as applied to AES through a computer-assisted search and find optimal attacks towards lowest computational and data complexities:
- Among the attacks with the minimal data complexity of the unicity distance, the ones with computational complexity \(2^{126.67}\) (for AES-128), \(2^{190.9}\) (for AES-192) and \(2^{255}\) (for AES-256) are the fastest. Each attack just requires 2 (for AES-128 and AES-192) or 3 (for AES-256) known plaintexts for success probability 1. We obtain these results using the improved biclique attack proposed in Crypto’13.
- Among the attacks with data complexity less than the full codebook, for AES-128, the ones of computational complexity \(2^{126.16}\) are fastest. Within these, the one with data complexity \(2^{64}\) requires the smallest amount of data. Thus, the original attack (with data complexity \(2^{88}\)) did not have the optimal data complexity for AES-128. Similar findings are observed for AES-192 as well (data complexity \(2^{48}\) as against \(2^{80}\) in the original attack). For AES-256, we find an attack that has a lower computational complexity of \(2^{254.31}\) as compared to the original attack complexity of \(2^{254.42}\).
- Among all the attacks covered, the ones of computational complexity \(2^{125.56}\) (for AES-128), \(2^{189.51}\) (for AES-192) and \(2^{253.87}\) (for AES-256) are fastest, though requiring the full codebook. This can be considered as an indication of the limitations of the independent biclique attack approach as applied to AES.
Citations
Book Chapter
Improving the Biclique Cryptanalysis of AES
Biaoshuai Tao, Hongjun Wu +1 more
TL;DR: The biclique attack on the full AES with a single key is improved by increasing the biclique size to \(2^{16}\times 2^8\) and \(2^8\times 2^{16}\), and the number of S-boxes computed in the matching phase is reduced.
Book Chapter
Analyzing Multi-Key Security Degradation
TL;DR: It is proved that GCM, as a mode, does not have multi-key degradation, which allows the limits on the amount of data that can be processed per key by GCM to be significantly increased and leads directly to improved security for GCM as deployed in TLS on the Internet today.
Posted Content
Too Much Crypto.
TL;DR: Advocating a rational and scientific approach to round numbers selection, this work proposes revised numbers of rounds for AES, BLAKE2, ChaCha, and SHA-3, which offer more consistent security margins across primitives and make them much faster, without increasing the security risk.
Book Chapter
Impossible-Differential and Boomerang Cryptanalysis of Round-Reduced Kiasu-BC
Christoph Dobraunig, Eik List +1 more
TL;DR: Kiasu-BC as discussed by the authors is a tweakable block cipher proposed by Jean et al. at ASIACRYPT 2014 alongside their TWEAKEY framework, which is almost identical to the AES-128 except for the tweak.
Dissertation
Hidden Structures and Quantum Cryptanalysis
TL;DR: This thesis proposes a new classical attack against multiple variants of the cipher MiMC, the most used symmetric cipher to date, and proposes a concrete and asymptotic quantum security analysis of some isogeny-based key exchanges.
References
Book
The Design of Rijndael: AES - The Advanced Encryption Standard
Joan Daemen, Vincent Rijmen +1 more
TL;DR: The underlying mathematics and the wide trail strategy as the basic design idea are explained in detail and the basics of differential and linear cryptanalysis are reworked.
Book
The Design of Rijndael
Joan Daemen, Vincent Rijmen +1 more
TL;DR: This volume is the authoritative guide to the Rijndael algorithm and AES; professionals, researchers, and students active or interested in data encryption will find it a valuable source of information and reference.
Book
Fast Software Encryption
TL;DR: Simplified variants that omit a quadratic function and a fixed rotation in RC6 are examined to clarify their essential contribution to the overall security of RC6.
Book Chapter
Polynomial reconstruction based cryptography
Aggelos Kiayias, Moti Yung +1 more
TL;DR: A short overview of recent works on the problem of Decoding Reed Solomon Codes (aka Polynomial Reconstruction) and the novel applications that were enabled due to this development.
Book Chapter
Biclique cryptanalysis of the full AES
TL;DR: This paper presents the novel technique of block cipher cryptanalysis with bicliques, which leads to the following results: the first key recovery method for the full AES-128 with computational complexity \(2^{126.1}\) and key recovery methods with lower complexity for the reduced-round versions of AES not considered before.