Structural Cryptanalysis of SASAS

Cited by: 48
Authors
Biryukov, Alex [1 ]
Shamir, Adi [2 ]
Affiliations
[1] Univ Luxembourg, FSTC, L-1359 Luxembourg, Luxembourg
[2] Weizmann Inst Sci, Dept Comp Sci, IL-76100 Rehovot, Israel
Keywords
Cryptanalysis; Structural cryptanalysis; Multiset attack; Block ciphers; Substitution permutation networks; Substitution affine networks; Rijndael; AES
DOI
10.1007/s00145-010-9062-1
CLC classification number
TP301 [Theory, methods]
Discipline code
081202
Abstract
In this paper we consider the security of block ciphers which contain alternate layers of invertible S-boxes and affine mappings (there are many popular cryptosystems which use this structure, including the winner of the AES competition, Rijndael). We show that a five-layer scheme with 128-bit plaintexts and 8-bit S-boxes is surprisingly weak against what we call a multiset attack, even when all the S-boxes and affine mappings are key dependent (and thus completely unknown to the attacker). We tested the multiset attack with an actual implementation, which required just 2^16 chosen plaintexts and a few seconds on a single PC to find the 2^17 bits of information in all the unknown elements of the scheme.
Pages: 505 / 518
Page count: 14