Improved impossible differential cryptanalysis of large-block Rijndael  被引量:2

在线阅读下载全文

作  者:Ya LIU Yifan SHI Dawu GU Bo DAI Fengyu ZHAO Wei LI Zhiqiang LIU Zhiqiang ZENG 

机构地区:[1]Engineering Research Center of Optical Instrument and System, Ministry of Education, Shanghai Key Lab of Modern Optical System, University of Shanghai for Science and Technology [2]State Key Laboratory of Cryptology [3]Department of Computer Science and Engineering, Shanghai Jiao Tong University [4]School of Computer Science and Technology, Donghua University [5]Shanghai Key Laboratory of Scalable Computing and Systems [6]Shanghai Key Laboratory of Integrated Administration Technologies for Information Security [7]Science and Technology on Information Assurance Laboratory

出  处:《Science China(Information Sciences)》2019年第3期1-14,共14页中国科学(信息科学)(英文版)

基  金:supported by National Natural Science Foundation of China (Grant Nos. 61402288, 61772129, 61601292, 61672347, 61472250);Foundation of Science and Technology on Information Assurance Laboratory (Grant No. KJ-17-008);Shanghai Natural Science Foundation (Grant Nos. 15ZR1400300, 16ZR1401100);Opening Project of the Shanghai Key Laboratory of Integrated Administration Technologies for Information Security (Grant No. AGK201703);Opening Project of the Shanghai Key Laboratory of Scalable Computing and Systems;National Cryptography Development Fund, and Fundamental Research Funds for the Central Universities

摘  要:Rijndael is a substitution-permutation network(SPN) block cipher for the AES development process. Its block and key sizes range from 128 to 256 bits in steps of 32 bits, which can be denoted by Rijndael-b-k, where b and k are the block and key sizes, respectively. Among them, Rijndael-128-128/192/256,that is, AES, has been studied by many researchers, and the security of other large-block versions of Rijndael has been exploited less frequently. However, more attention has been paid to large-block versions of block ciphers with the fast development of quantum computers. In this paper, we propose improved impossible differential attacks on 10-round Rijndael-256-256, 10-round Rijndael-224-256, and 9-round Rijndael-224-224 using precomputation tables, redundancies of key schedules, and multiple impossible differentials. For 10-round Rijndael-256-256, the data, time, and memory complexities of our attack were approximately 2^(244.4) chosen plaintexts, 2^(240.1) encryptions, and 2^(181.4) blocks, respectively. For 10-round Rijndael-224-256, the data, time, and memory complexities of our attack were approximately 2^(214.4) chosen plaintexts, 2^(241.3) encryptions, and 2^(183.4) blocks, respectively. For 9-round Rijndael-224-224, the data, time, and memory complexities of our attack are approximately 2^(214.4) chosen plaintexts, 2^(113.4) encryptions, and 2^(87.4) blocks,respectively, or 2^(206.6) chosen plaintexts, 2^(153.6) encryptions, and 2^(111.6) blocks, respectively. To the best of our knowledge, our results are currently the best on Rijndael-256-256 and Rijndael-224-224/256.Rijndael is a substitution-permutation network(SPN) block cipher for the AES development process. Its block and key sizes range from 128 to 256 bits in steps of 32 bits, which can be denoted by Rijndael-b-k, where b and k are the block and key sizes, respectively. Among them, Rijndael-128-128/192/256,that is, AES, has been studied by many researchers, and the security of other large-block versions of Rijndael has been exploited less frequently. However, more attention has been paid to large-block versions of block ciphers with the fast development of quantum computers. In this paper, we propose improved impossible differential attacks on 10-round Rijndael-256-256, 10-round Rijndael-224-256, and 9-round Rijndael-224-224 using precomputation tables, redundancies of key schedules, and multiple impossible differentials. For 10-round Rijndael-256-256, the data, time, and memory complexities of our attack were approximately 2^(244.4) chosen plaintexts, 2^(240.1) encryptions, and 2^(181.4) blocks, respectively. For 10-round Rijndael-224-256, the data, time, and memory complexities of our attack were approximately 2^(214.4) chosen plaintexts, 2^(241.3) encryptions, and 2^(183.4) blocks, respectively. For 9-round Rijndael-224-224, the data, time, and memory complexities of our attack are approximately 2^(214.4) chosen plaintexts, 2^(113.4) encryptions, and 2^(87.4) blocks,respectively, or 2^(206.6) chosen plaintexts, 2^(153.6) encryptions, and 2^(111.6) blocks, respectively. To the best of our knowledge, our results are currently the best on Rijndael-256-256 and Rijndael-224-224/256.

关 键 词:block cipher RIJNDAEL precomputation tables impossible differentials multiple impossible differential attacks 

分 类 号:N[自然科学总论]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象