Abstract
In this paper, we demonstrate attacks based on integral cryptanalysis which allow recovery of both the secret key and the secret S-box for respectively four, five, and six rounds of the AES. Despite the significantly larger amount of secret information which an adversary needs to recover, the attacks are very efficient with time/data complexities of $2^{17}/2^{16}$, $2^{38}/2^{40}$ and $2^{90}/2^{64}$, respectively.
Another interesting aspect of our attack is that it works both as a chosen-plaintext and as a chosen-ciphertext attack. Surprisingly, the chosen-ciphertext variant has a significantly lower time complexity in the attacks on four and five rounds, compared to the respective chosen-plaintext attacks.
Original language | English |
---|---|
Title of host publication | Revised Selected Papers of the 22nd International Workshop on Fast Software Encryption (FSE 2015) |
Editors | Gregor Leander |
Publisher | Springer |
Publication date | 2015 |
Pages | 175-189 |
ISBN (Print) | 978-3-662-48115-8 |
ISBN (Electronic) | 978-3-662-48116-5 |
DOIs | 10.1007/978-3-662-48116-5_9 |
Publication status | Published - 2015 |
Event | 22nd International Workshop on Fast Software Encryption (FSE 2015) - Istanbul, Turkey. Duration: 8 Mar 2015 → 11 Mar 2015. Conference number: 22. http://www.lightsec.org/fse2015/ |
Workshop
Workshop | 22nd International Workshop on Fast Software Encryption (FSE 2015) |
---|---|
Number | 22 |
Country | Turkey |
City | Istanbul |
Period | 08/03/2015 → 11/03/2015 |
Internet address | http://www.lightsec.org/fse2015/ |
Keywords
- AES
- Integral cryptanalysis
- Secret S-box
Cite this
Security of the AES with a Secret S-Box. / Tiessen, Tyge; Knudsen, Lars Ramkilde; Kölbl, Stefan; Lauridsen, Martin Mehl.
Revised Selected Papers of the 22nd International Workshop on Fast Software Encryption (FSE 2015). ed. / Gregor Leander. Springer, 2015. p. 175-189.
Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review
TY - GEN
T1 - Security of the AES with a Secret S-Box
AU - Tiessen, Tyge
AU - Knudsen, Lars Ramkilde
AU - Kölbl, Stefan
AU - Lauridsen, Martin Mehl
PY - 2015
Y1 - 2015
N2 - How does the security of the AES change when the S-box is replaced by a secret S-box, about which the adversary has no knowledge? Would it be safe to reduce the number of encryption rounds? In this paper, we demonstrate attacks based on integral cryptanalysis which allow recovery of both the secret key and the secret S-box for respectively four, five, and six rounds of the AES. Despite the significantly larger amount of secret information which an adversary needs to recover, the attacks are very efficient with time/data complexities of $2^{17}/2^{16}$, $2^{38}/2^{40}$ and $2^{90}/2^{64}$, respectively. Another interesting aspect of our attack is that it works both as a chosen-plaintext and as a chosen-ciphertext attack. Surprisingly, the chosen-ciphertext variant has a significantly lower time complexity in the attacks on four and five rounds, compared to the respective chosen-plaintext attacks.
KW - AES
KW - Integral cryptanalysis
KW - Secret S-box
U2 - 10.1007/978-3-662-48116-5_9
DO - 10.1007/978-3-662-48116-5_9
M3 - Article in proceedings
SN - 978-3-662-48115-8
SP - 175
EP - 189
BT - Revised Selected Papers of the 22nd International Workshop on Fast Software Encryption (FSE 2015)
A2 - Leander, Gregor
PB - Springer
ER -