The (related-key) impossible boomerang attack and its application to the AES block cipher

The Advanced Encryption Standard (AES) is a 128-bit block cipher with a user key of 128, 192 or 256 bits, released by NIST in 2001 as the next-generation data encryption standard for use in the USA. It was adopted as an ISO international standard in 2005. Impossible differential cryptanalysis and the boomerang attack are powerful variants of differential cryptanalysis for analysing the security of a block cipher. In this paper, building on the notions of impossible differential cryptanalysis and the boomerang attack, we propose a new cryptanalytic technique, which we call the impossible boomerang attack, and then describe an extension of this attack which applies in a related-key attack scenario. Finally, we apply the impossible boomerang attack to break 6-round AES with 128 key bits and 7-round AES with 192/256 key bits, and using two related keys we apply the related-key impossible boomerang attack to break 8-round AES with 192 key bits and 9-round AES with 256 key bits. In the two-key related-key attack scenario, our results, which were the first to achieve this amount of attacked rounds, match the best currently known results for AES with 192/256 key bits in terms of the numbers of attacked rounds. The (related-key) impossible boomerang attack is a general cryptanalytic technique, and can potentially be used to cryptanalyse other block ciphers

Applying Grover's algorithm to AES: quantum resource estimates

We present quantum circuits to implement an exhaustive key search for the Advanced Encryption Standard (AES) and analyze the quantum resources required to carry out such an attack. We consider the overall circuit size, the number of qubits, and the circuit depth as measures for the cost of the presented quantum algorithms. Throughout, we focus on Clifford$+T$ gates as the underlying fault-tolerant logical quantum gate set. In particular, for all three variants of AES (key size 128, 192, and 256 bit) that are standardized in FIPS-PUB 197, we establish precise bounds for the number of qubits and the number of elementary logical quantum gates that are needed to implement Grover's quantum algorithm to extract the key from a small number of AES plaintext-ciphertext pairs.Comment: 13 pages, 3 figures, 5 tables; to appear in: Proceedings of the 7th International Conference on Post-Quantum Cryptography (PQCrypto 2016

Differential cryptanalysis of substitution permutation networks and Rijndael-like ciphers

A block cipher, in general, consist of several repetitions of a round transformation. A round transformation is a weak block cipher which consists of a nonlinear substitution transformation, a linear diffusion transformation and a key mixing. Differential cryptanalysis is a well known chosen plaintext attack on block ciphers. In this project, differential cryptanalysis is performed on two kinds of block ciphers: Substitution Permutation Networks(SPN) and Rijndael-like Ciphers. In order to strengthen a block cipher against differential attack, care should be taken in the design of both substitution and diffusion components and in the choice of number of rounds. In this context, most of the researches has been focused on the design of substitution component. In this project, differential cryptanalysis is carried out on several SPNs to find the role of permutation. Differential analysis on Rijndael-like ciphers is done to find the strength of the cipher as a whole. Tools are developed to configure and to perform differential analysis on these ciphers. In the context of SPN, the importance of permutation, the effect of bad permutation, no permutation and sequentially chosen plaintext pairs are discussed. The diffusion strength of SPN and Rijndael-like ciphers are discussed and compared

New primitives of controlled elements F2/4 for block ciphers

This paper develops the cipher design approach based on the use of data-dependent operations (DDOs). A new class of DDO based on the advanced controlled elements (CEs) is introduced, which is proven well suited to hardware implementations for FPGA devices. To increase the hardware implementation efficiency of block ciphers, while using contemporary FPGA devices there is proposed an approach to synthesis of fast block ciphers, which uses the substitution-permutation network constructed on the basis of the controlled elements F2/4 implementing the 2 x 2 substitutions under control of the four-bit vector. There are proposed criteria for selecting elements F2/4 and results on investigating their main cryptographic properties. It is designed a new fast 128-bit block cipher MM-128 that uses the elements F2/4 as elementary building block. The cipher possesses higher performance and requires less hardware resources for its implementation on the bases of FPGA devices than the known block ciphers. There are presented result on differential analysis of the cipher MM-12

Survey and Benchmark of Block Ciphers for Wireless Sensor Networks

Cryptographic algorithms play an important role in the security architecture of wireless sensor networks (WSNs). Choosing the most storage- and energy-efficient block cipher is essential, due to the facts that these networks are meant to operate without human intervention for a long period of time with little energy supply, and that available storage is scarce on these sensor nodes. However, to our knowledge, no systematic work has been done in this area so far.We construct an evaluation framework in which we first identify the candidates of block ciphers suitable for WSNs, based on existing literature and authoritative recommendations. For evaluating and assessing these candidates, we not only consider the security properties but also the storage- and energy-efficiency of the candidates. Finally, based on the evaluation results, we select the most suitable ciphers for WSNs, namely Skipjack, MISTY1, and Rijndael, depending on the combination of available memory and required security (energy efficiency being implicit). In terms of operation mode, we recommend Output Feedback Mode for pairwise links but Cipher Block Chaining for group communications

Security Analysis Techniques Using Differential Relationships For Block Ciphers

The uses of block cipher has become crucial in nowadays’ computing era as well as the information security. Information must be available only for authenticated and authorized users.However,flaws and weaknesses in the cryptosystem can breach the security of stored and transmitted information.A weak key in the key schedule is well-known issues which may affect several round keys have same bits in common.Besides,information leaked from the implementation also affects the security of block ciphers.Based on the flaws and leakage,the adversary is able to assess the differential relationships in block cipher using differential cryptanalysis technique. Firstly,the existing differential cryptanalysis techniques have been evaluated.Secondly,based on the gaps that have to be filled in the existing differential cryptanalysis techniques,new frameworks of differential cryptanalysis techniques have been proposed and designed by using Pearson correlation coefficient,Hamming-weight leakage assumption and reference point.The Pearson correlation coefficient is used to determine the repeated differential properties in the key schedules.Meanwhile, reference point and Hamming-weight leakage assumption are used to assess the security of the implementation of block ciphers against side-channel cube attack and differential fault analysis.Thirdly,all proposed frameworks have been assessed.The results show that the repeated differential properties are found for AES, PRESENT and Simeck key schedules.However,AES key schedule is definitely ideal to be adopted in the design for the future cryptographic algorithm.In addition,the newly designed frameworks for side-channel differential analysis techniques have been able to reduce the attack complexities for Simeck32/64,KATAN32 and KTANTAN32 compared to previous work.In conclusion,the proposed frameworks are effective in analyzing the security of block ciphers using differential cryptanalysis techniques