Article

Improved Single-Key Attacks on 8-round AES.

IACR Cryptology ePrint Archive 01/2010; 2010:322.
Source: DBLP
  • Source
    ABSTRACT: This paper presents ongoing work towards extensions of meet-in-the-middle (MITM) attacks on block ciphers. We explore developments in MITM attacks from hash-function analysis, such as (i) the splice-and-cut technique and (ii) the indirect-partial-matching technique. Our first contribution is that we show corrections to previous cryptanalysis and point out that the key schedule is more vulnerable to MITM attacks than previously reported. Secondly, we further improve the time complexities of previous attacks with (i) and (ii); now the 80-bit secret key of the full-round KTANTAN-{32,48,64} can be recovered with time complexity 2^72.9, 2^73.8 and 2^74.4 respectively, each requiring 4 chosen plaintexts.
    Information Security and Privacy - 16th Australasian Conference, ACISP 2011, Melbourne, Australia, July 11-13, 2011. Proceedings; 01/2011
  • Source
    ABSTRACT: In this paper we describe a variant of existing meet-in-the-middle attacks on block ciphers. As an application, we propose meet-in-the-middle attacks that are applicable to the KTANTAN family of block ciphers accepting a key of 80 bits. The attacks are due to some weaknesses in its bitwise key schedule. We report an attack of time complexity 2^75.170 encryptions on the full KTANTAN32 cipher with only 3 plaintext/ciphertext pairs, as well as 2^75.044 encryptions on the full KTANTAN48 and 2^75.584 encryptions on the full KTANTAN64 with 2 plaintext/ciphertext pairs. All these attacks work in the classical attack model without any related keys. In the differential related-key model, we demonstrate 218- and 174-round differentials holding with probability 1. This shows that a strong related-key property can translate to a successful attack in the non-related-key setting. Having extremely low data requirements, these attacks are valid even in RFID-like environments where only a very limited amount of text material may be available to an attacker.
    IACR Cryptology ePrint Archive. 01/2010; 2010:532.
