Impossible differential cryptanalysis is an important approach to evaluate the security of block ciphers. In EUROCRYPT 2016, Sun, et al. proved that there exists no impossible differential longer than four rounds for ...Impossible differential cryptanalysis is an important approach to evaluate the security of block ciphers. In EUROCRYPT 2016, Sun, et al. proved that there exists no impossible differential longer than four rounds for the AES structure where S-boxes are arbitrary. In DCC 2019, Wang,et al. proved that any differential is possible for 5-round AES, assuming that the round keys are independent and uniformly random. In ASIACRYPT 2020, Hu, et al. used automatic search to show that there exists no one-byte active impossible differential for 5-round AES-128 considering the relations of 3-round keys. By algebraic methods, this paper theoretically proves that there exists no one-byte active impossible differential for 5-round AES even considering the relations of all round keys. Firstly,the authors prove the independence of ten bytes in the consecutive four round keys under the key schedule of AES-128. Then 5-round AES is decomposed to three subfunctions and the propagations of the considered differences in these subfunctions are discussed. Finally, the authors prove that the considered differential trails can be connected by the ten bytes of round keys. Furthermore, for any given one-byte active differential, there are at least 2^(51) master keys such that the differential is possible for 5-round AES-128.展开更多
基金supported by the National Cryptography Development Fund of China under Grant Nos.MMJJ20170103 and MMJJ20180204.
文摘Impossible differential cryptanalysis is an important approach to evaluate the security of block ciphers. In EUROCRYPT 2016, Sun, et al. proved that there exists no impossible differential longer than four rounds for the AES structure where S-boxes are arbitrary. In DCC 2019, Wang,et al. proved that any differential is possible for 5-round AES, assuming that the round keys are independent and uniformly random. In ASIACRYPT 2020, Hu, et al. used automatic search to show that there exists no one-byte active impossible differential for 5-round AES-128 considering the relations of 3-round keys. By algebraic methods, this paper theoretically proves that there exists no one-byte active impossible differential for 5-round AES even considering the relations of all round keys. Firstly,the authors prove the independence of ten bytes in the consecutive four round keys under the key schedule of AES-128. Then 5-round AES is decomposed to three subfunctions and the propagations of the considered differences in these subfunctions are discussed. Finally, the authors prove that the considered differential trails can be connected by the ten bytes of round keys. Furthermore, for any given one-byte active differential, there are at least 2^(51) master keys such that the differential is possible for 5-round AES-128.
