Structural Cryptanalysis of SASAS

Cited by: 48
Authors
Biryukov, Alex [1 ]
Shamir, Adi [2 ]
Affiliations
[1] Univ Luxembourg, FSTC, L-1359 Luxembourg, Luxembourg
[2] Weizmann Inst Sci, Dept Comp Sci, IL-76100 Rehovot, Israel
Keywords
Cryptanalysis; Structural cryptanalysis; Multiset attack; Block ciphers; Substitution permutation networks; Substitution affine networks; Rijndael; AES;
DOI
10.1007/s00145-010-9062-1
CLC classification number
TP301 [Theory, methods];
Discipline classification code
081202;
Abstract
In this paper we consider the security of block ciphers which contain alternating layers of invertible S-boxes and affine mappings (many popular cryptosystems use this structure, including the winner of the AES competition, Rijndael). We show that a five-layer scheme with 128-bit plaintexts and 8-bit S-boxes is surprisingly weak against what we call a multiset attack, even when all the S-boxes and affine mappings are key dependent (and thus completely unknown to the attacker). We tested the multiset attack with an actual implementation, which required just 2^16 chosen plaintexts and a few seconds on a single PC to recover the 2^17 bits of information in all the unknown elements of the scheme.
Pages: 505 / 518
Page count: 14