
A cluster-based practical key recovery attack on reduced-round AES using impossible-differential cryptanalysis

The Journal of Supercomputing

Abstract

The Advanced Encryption Standard (AES) is a well-known, extensively used, broadly studied, industry-standard symmetric-key block cipher. Hence cryptanalysis of AES is a fitting task for cryptography researchers. Impossible differential cryptanalysis (IDC) is a powerful attack technique against symmetric-key ciphers. In this paper, we report a cluster-based parallel attack that recovers the full key for all versions of five-round AES (128, 192, 256) and partially recovers the key of six-round AES (192, 256) using IDC. The full key of AES-128 can be determined in only 6.5 min. Recovering the full key of five-round AES-192/256 requires a total of 10 min. Next, we recover the second round key of six-round AES-(192, 256), which takes a total of 12.5 min. To the best of our knowledge, our results outperform the existing best results with respect to both timing and success probability for full/partial key recovery of five/six-round AES.



Notes

  1. A preliminary version of this paper is presented in SPACE 2019 [32].

References

  1. Biham E, Shamir A (1993) Differential cryptanalysis of the data encryption standard. Springer, Berlin, Heidelberg

  2. Knudsen L (1998) Deal - a 128-bit block cipher. In: NIST AES Proposal

  3. Biham E, Biryukov A, Shamir A (1999) Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials. In: Advances in Cryptology - EUROCRYPT '99, International Conference on the Theory and Application of Cryptographic Techniques, Prague, Czech Republic, May 2-6, Proceedings, pp 12–23. https://doi.org/10.1007/3-540-48910-X_2

  4. Boura C, Naya-Plasencia M, Suder V (2014) Scrutinizing and improving impossible differential attacks: applications to CLEFIA, Camellia, LBlock and SIMON. In: Sarkar P, Iwata T (eds) Advances in Cryptology - ASIACRYPT 2014. Springer, Berlin, Heidelberg, pp 179–199

  5. Boura C, Lallemand V, Naya-Plasencia M, Suder V (2018) Making the impossible possible. J Cryptol 31(1):101–133. https://doi.org/10.1007/s00145-016-9251-7

  6. Yang Q, Hu L, Shi D, Todo Y, Sun S (2018) On the complexity of impossible differential cryptanalysis. Secur Commun Netw 2018:7393401:1–7393401:11. https://doi.org/10.1155/2018/7393401

  7. Biham E, Keller N (2000) Cryptanalysis of reduced variants of Rijndael. In: 3rd AES Conference 230

  8. Gilbert H, Minier M (2000) A collision attack on 7 rounds of Rijndael. In: The Third Advanced Encryption Standard Candidate Conference, April 13-14, New York, New York, USA, pp 230–241

  9. Daemen J, Knudsen LR, Rijmen V (1997) The block cipher Square. In: Biham E (ed) Fast Software Encryption, 4th International Workshop, FSE '97, Haifa, Israel, January 20-22, 1997, Proceedings. Lecture Notes in Computer Science, vol 1267, pp 149–165. Springer. https://doi.org/10.1007/BFb0052343

  10. Wagner DA (1999) The boomerang attack. In: Knudsen LR (ed) Fast Software Encryption, 6th International Workshop, FSE '99, Rome, Italy, March 24-26, 1999, Proceedings. Lecture Notes in Computer Science, vol 1636, pp 156–170. Springer. https://doi.org/10.1007/3-540-48519-8_12

  11. Biryukov A (2004) The boomerang attack on 5 and 6-round reduced AES. In: Dobbertin H, Rijmen V, Sowa A (eds) Advanced Encryption Standard - AES, 4th International Conference, AES 2004, Bonn, Germany, May 10-12, 2004, Revised Selected and Invited Papers. Lecture Notes in Computer Science, vol 3373, pp 11–15. Springer. https://doi.org/10.1007/11506447_2

  12. Grassi L (2018) Mixture differential cryptanalysis: a new approach to distinguishers and attacks on round-reduced AES. IACR Trans Symmetric Cryptol 2018(2):133–160

  13. Biham E, Biryukov A, Dunkelman O, Richardson E, Shamir A (1998) Initial observations on Skipjack: cryptanalysis of Skipjack-3XOR. In: Tavares SE, Meijer H (eds) Selected Areas in Cryptography '98, SAC '98, Kingston, Ontario, Canada, August 17-18, 1998, Proceedings. Lecture Notes in Computer Science, vol 1556, pp 362–376. Springer. https://doi.org/10.1007/3-540-48892-8_27

  14. Knudsen LR, Wagner DA (2002) Integral cryptanalysis. In: Daemen J, Rijmen V (eds) Fast Software Encryption, 9th International Workshop, FSE 2002, Leuven, Belgium, February 4-6, 2002, Revised Papers. Lecture Notes in Computer Science, vol 2365, pp 112–127. Springer. https://doi.org/10.1007/3-540-45661-9_9

  15. Grassi L, Schofnegger M (2020) Mixture integral attacks on reduced-round AES with a known/secret S-box. In: Bhargavan K, Oswald E, Prabhakaran M (eds) Progress in Cryptology - INDOCRYPT 2020, 21st International Conference on Cryptology in India, Bangalore, India, December 13-16, 2020, Proceedings. Lecture Notes in Computer Science, vol 12578, pp 312–331. https://doi.org/10.1007/978-3-030-65277-7_14

  16. Diffie W, Hellman ME (1977) Special feature exhaustive cryptanalysis of the NBS data encryption standard. Computer 10(6):74–84. https://doi.org/10.1109/C-M.1977.217750

  17. Demirci H, Taskin I, Çoban M, Baysal A (2009) Improved meet-in-the-middle attacks on AES. In: Roy BK, Sendrier N (eds) Progress in Cryptology - INDOCRYPT 2009, 10th International Conference on Cryptology in India, New Delhi, India, December 13-16, Proceedings. Lecture Notes in Computer Science, vol 5922, pp 144–156. Springer. https://doi.org/10.1007/978-3-642-10628-6_10

  18. Cheon JH, Kim M, Kim K, Lee J, Kang S (2001) Improved impossible differential cryptanalysis of Rijndael and Crypton. In: Information Security and Cryptology - ICISC 2001, 4th International Conference, Seoul, Korea, December 6-7, Proceedings, pp 39–49. https://doi.org/10.1007/3-540-45861-1_4

  19. Zhang W, Wu W, Feng D (2007) New results on impossible differential cryptanalysis of reduced AES. In: Information Security and Cryptology - ICISC 2007, 10th International Conference, Seoul, Korea, November 29-30, Proceedings, pp 239–250. https://doi.org/10.1007/978-3-540-76788-6_19

  20. Phan RC (2004) Impossible differential cryptanalysis of 7-round Advanced Encryption Standard (AES). Inf Process Lett 91(1):33–38

  21. Daemen J, Rijmen V (2002) The design of Rijndael: AES - the Advanced Encryption Standard. Information Security and Cryptography. Springer. https://doi.org/10.1007/978-3-662-04722-4

  22. Rahman M, Saha D, Paul G (2021) Boomeyong: embedding yoyo within boomerang and its applications to key recovery attacks on AES and Pholkos. IACR Trans Symmetric Cryptol 2021(3):137–169. https://doi.org/10.46586/tosc.v2021.i3.137-169

  23. Derbez P (2013) Meet-in-the-middle attacks on AES (attaques par rencontre par le milieu sur l'AES). PhD thesis, École Normale Supérieure, Paris, France. https://tel.archives-ouvertes.fr/tel-00918146

  24. Tiessen T, Knudsen LR, Kölbl S, Lauridsen MM (2015) Security of the AES with a secret S-box. In: Leander G (ed) Fast Software Encryption, 22nd International Workshop, FSE 2015, Istanbul, Turkey, March 8-11, 2015, Revised Selected Papers. Lecture Notes in Computer Science, vol 9054, pp 175–189. Springer. https://doi.org/10.1007/978-3-662-48116-5_9

  25. Bar-On A, Dunkelman O, Keller N, Ronen E, Shamir A (2018) Improved key recovery attacks on reduced-round AES with practical data and memory complexities. In: Advances in Cryptology - CRYPTO 2018, 38th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2018, Proceedings, Part II, pp 185–212. https://doi.org/10.1007/978-3-319-96881-0_7

  26. Rønjom S, Bardeh NG, Helleseth T (2017) Yoyo tricks with AES. In: Takagi T, Peyrin T (eds) Advances in Cryptology - ASIACRYPT 2017, 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, December 3-7, Proceedings, Part I. Lecture Notes in Computer Science, vol 10624, pp 217–243. Springer. https://doi.org/10.1007/978-3-319-70694-8_8

  27. Dunkelman O, Keller N, Ronen E, Shamir A (2020) The retracing boomerang attack. In: Canteaut A, Ishai Y (eds) Advances in Cryptology - EUROCRYPT 2020, 39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, May 10-14, Proceedings, Part I. Lecture Notes in Computer Science, vol 12105, pp 280–309. Springer. https://doi.org/10.1007/978-3-030-45721-1_11

  28. Bariant A, Leurent G (2022) Truncated boomerang attacks and application to AES-based ciphers. IACR Cryptol ePrint Arch 701

  29. Bardeh NG, Rijmen V (2022) New key-recovery attack on reduced-round AES. IACR Trans Symmetric Cryptol 2022(2):43–62. https://doi.org/10.46586/tosc.v2022.i2.43-62

  30. Mala H, Dakhilalian M, Rijmen V, Modarres-Hashemi M (2010) Improved impossible differential cryptanalysis of 7-round AES-128. In: Progress in Cryptology - INDOCRYPT 2010, 11th International Conference on Cryptology in India, Hyderabad, India, December 12-15, Proceedings, pp 282–291. https://doi.org/10.1007/978-3-642-17401-8_20

  31. Kakarla S, Mandava S, Saha D, Roy Chowdhury D (2017) On the practical implementation of impossible differential cryptanalysis on reduced-round AES. In: Applications and Techniques in Information Security, 8th International Conference, ATIS 2017, Auckland, New Zealand, July 6-7, Proceedings, pp 58–72. https://doi.org/10.1007/978-981-10-5421-1_6

  32. Pal D, Agrawal D, Das A, Chowdhury DR (2019) An efficient parallel implementation of impossible-differential cryptanalysis for five-round AES-128. In: Security, Privacy, and Applied Cryptography Engineering, 9th International Conference, SPACE 2019, Gandhinagar, India, December 3-7, Proceedings, pp 106–122. https://doi.org/10.1007/978-3-030-35869-3_9


Acknowledgements

We thank the anonymous reviewers for their valuable comments and advice, which immensely enhanced the quality of this paper. The work of this paper is supported by the Ministry of Electronics and Information Technology, Government of India.

Corresponding author

Correspondence to Debranjan Pal.


Cite this article

Pal, D., Ali, M.R., Das, A. et al. A cluster-based practical key recovery attack on reduced-round AES using impossible-differential cryptanalysis. J Supercomput 79, 6252–6289 (2023). https://doi.org/10.1007/s11227-022-04872-y
