Distinguisher and Related-Key Attack on the Full AES-256 (Extended Version)
In this paper we construct a chosen-key distinguisher and a
related-key attack on the full 256-bit key AES. We define a
notion of differential -multicollision and show that for
AES-256 -multicollisions can be constructed in time and with negligible memory, while we prove that the same
task for an ideal cipher of the same block size would require at
least time. Using similar
approach and with the same complexity we can also construct
-pseudo collisions for AES-256 in Davies-Meyer hashing mode, a
scheme which is provably secure in the ideal-cipher model. We have
also computed partial -multicollisions in time
on a PC to verify our results. These results show that AES-256 can
not model an ideal cipher in theoretical constructions.
Finally, we extend our results
to find the first publicly known attack on the full 14-round
AES-256: a related-key distinguisher which works for one out of
every keys with data and time complexity and
negligible memory. This distinguisher is translated into a
key-recovery attack with total complexity of time and memory.
Parallelizing the Camellia and SMS4 Block Ciphers - Extended version
The n-cell GF-NLFSR (Generalized Feistel-NonLinear Feedback Shift Register) structure [8] is a generalized unbalanced Feistel network that can be considered as a generalization of the outer function FO of the KASUMI block cipher. An advantage of this cipher over other n-cell generalized Feistel networks, e.g. SMS4 [11] and Camellia [5], is that it is parallelizable for up to n rounds. In hardware implementations, the benefits translate to speeding up encryption by up to n times while consuming similar area and significantly less power. At the same time, n-cell GF-NLFSR structures offer similar proofs of security against differential cryptanalysis as conventional n-cell Feistel structures. We also ensure that parallelized versions of Camellia and SMS4 are resistant against other block cipher attacks such as linear, boomerang, integral, impossible differential, higher order differential, interpolation, slide, XSL and related-key differential attacks.