Impossible Differential Attacks on 9-Round Block Cipher Rijndael-192

doi:10.3969/j.issn.1671-1122.2020.04.005

Abstract

Abstract:

With high speed, easy standardization and easy implement in hardware and software, block cipher has a wide range of applications in the field of information security. It is necessary to study the security of block cipher. Impossible differential attack is one of the effective attack methods against block cipher. In this paper, we focus on impossible differential (ID) attacks on Rijndael-192. According to the property that the difference branch number of the MixColumns is 5, a new 5-round impossible differential is proposed; then based on this impossible differential, with property of S-box and the key schedule weakness, the key recovery on the 9-round Rijndael-192 is given. It is shown or the attack on 9-round Rijndael-192 with key size of 192, it requires data complexity of about 2^176.6 chosen plaintexts ,time complexity of about 2^188.2 encryptions and memory complexity of about 2¹²⁰ blocks, which is better than previous known results in terms of the data, time and memory complexity; for the attack on 9-round Rijndael-192 with key size of 224 and 256, it requires data complexity of about 2^178.2 chosen plaintexts, time complexity of about 2^197.8 encryptions and memory complexity of about 2¹²⁰blocks,which is better than previous known results in terms of the data and memory complexity.

Key words: crypt analysis, block cipher, Rijndael, impossible differential attack

CLC Number:

TP309

DONG Xiaoli, SHANG Shuai, CHEN Jie. Impossible Differential Attacks on 9-Round Block Cipher Rijndael-192[J]. Netinfo Security, 2020, 20(4): 40-46.

Figures/Tables 3

References 15

[1]	DAEMEN J, RIJMEN V.The Design of Rijndael: AES: the Advanced Encryption Standard[M]. Berlin Heidelberg: Springer-Verlag, 2002.
[2]	GAURAVARA M, KNUDSEN LR, MATUSIEWICZ K, et al. Grøstl-a SHA-3 candidate[EB/OL]., Submission to NIST2008, 2019-7-15.
[3]	FERGUSON N, KELSEY J, LUCKS S, et al.Improved Cryptanalysis of Rijndael[C]//ACM. Fast Software Encryption 2000, April 10-12, 2000, New York, USA. New York: ACM, 1978: 213-230.
[4]	NAKAHAR A J, FREITAS D S, PHAN RC.New Multiset Attacks on Rijndael with Large Blocks[C]// Springer. Progress in Cryptology-Mycrypt 2005, September 28-30, 2005, Kuala Lumpur, Malaysia. Berlin: Springer-Verlag, LNCS, 2005: 277-295.
[5]	GALICE S, MINIER M.Improving Integral Attacks against Rijndael-256 up to 9 Rounds[C]// Springer. Progress in Cryptology-AFRICACRYPT 2008, June 11-14, 2008, Casablanca, Morocco. Berlin: Springer-Verlag, LNCS, 2008: 1-15.
[6]	LI Yanjun, WU Wenling.Improved Integral Attacks on Rijndael[J]. Journal of Information Science and Engineering, 2011, 27(6): 2031-2045.
[7]	ZHANG Lei, WU Wenling, PARK J H, et al.Improved Impossible Differential Attacks on Large-block Rijndael[C]// Springer. Information Security2008, September 15-18, 2008, Taipei, China. Berlin: Springer-Verlag, LNCS, 2008, 5222: 298-315.
[8]	WANG Qingju, GU Dawu, RIJMEN V, et al.Improved Impossible Differential Attacks on Large-block Rijndael.[C]// Springer. Information Security and Cryptology 2012, November 28-30, 2012, Seoul, Korea. Berlin: Springer-Verlag, LNCS, 2012: 126-140.
[9]	MINIER M.Improving Impossible-differential Attacks against Rijndael-160 and Rijndael-224[J]. Designs Codes & Cryptography, 2017, 82(1-2): 117-129.
[10]	CUI Jingyi, GUO Jiansheng, LIU Yipeng.Cryptanalysis of Rijndael-192/224 in Single Key Setting[C]// Springer. Chinese Conference on Trusted Computing and Information Security 2017, September 14-17, Changsha, China. Singapore: Springer, 2017: 97-111.
[11]	LIU Ya, SHI Yifan, GU Dawu, et al.Improved Impossible Differential Cryptanalysis of Large-block Rijndael[J]. Science China Information Sciences, 2019, 62(3): 32-101.
[12]	KNUDSEN L R. DEAL-a 128-bit Block Cipher[R]. Norway: Department of Informatics, University of Bergen, 1998.
[13]	BIHAM E, BIRYUKOV A, SHAMIR A.Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials[C]// Springer. Advances in Cryptology-EUROCRYPT1999, May 2-6, 1999, Prague, Czech Republic. Berlin: Springer-Verlag, 1999: 12-23.
[14]	DERBEZ P, FOUQUE PA, JEAN J.Improved Key Recovery Attacks on Reduced-round AES in the Single-key Setting[C]// Springer. Advances in Cryptology-EUROCRYPT 2013, May 26-30, 2013, Athens, Greece. Berlin: Springer-Verlag, 2013: 371-387.
[15]	LU Jiqiang.Cryptanalysis of Block Ciphers[D]. London: Royal Holloway University of London, 2008.

轮数	密钥长度	数据复杂度	时间复杂度	存储复杂度	攻击类型	来源
7	all	2¹²⁸-2¹¹⁹	2¹²⁰	small	部分和	文献[3]
7	160,192,224,256	2^130.5	2¹⁴⁴	small	多重集	文献[4]
8	192,224,256	2¹⁵⁸	2^177.4	small	不可能差分	文献[7]
8	192,224,256	2¹⁷⁹	2^81.4	small	不可能差分	文献[7]
9	192	2^183.4	2^188.4	2^163.1	不可能差分	文献[11]
9	192	2^176.6	2^188.2	2¹²⁰	不可能差分	本文方案
9	224,256	2^183.4	2^188.4	2^163.1	不可能差分	文献[11]
9	224,256	2^178.2	2^197.8	2¹²⁰	不可能差分	本文方案