A new 5-round distinguisher of AES with key whitening is presented by using the properties of its round transformation. Based on this distinguisher,we present new meet-in-the-middle attacks on reduced AES considering ...A new 5-round distinguisher of AES with key whitening is presented by using the properties of its round transformation. Based on this distinguisher,we present new meet-in-the-middle attacks on reduced AES considering the key schedule and the time-memory tradeoff approach. New attacks improve the best known meet-in-the-middle attacks on reduced AES presented at FSE2008.We reduce the time complexity of attacks on 7-round AES-192 and 8-round AES-256 by a factor of at least 28. Moreover,the distinguisher can be exploited to develop the attack on 8-round AES-192.展开更多
We investigate the lightweight block cipher KATAN family which consists of three variants with 32, 48 and 64-bit block sizes, called KATAN32, KATAN48 and KATAN64 respectively. However, three variants all have the same...We investigate the lightweight block cipher KATAN family which consists of three variants with 32, 48 and 64-bit block sizes, called KATAN32, KATAN48 and KATAN64 respectively. However, three variants all have the same key length of 80 bits. On the basis of the bit-oriented faulty model and the differential analysis principle, we describe the attack that combines differential fault attack with the meet-in-the-middle (MITM) attack on the KATAN32. More precisely, inducing a fault at a bit, we can recover some linear differential fault equations on the key bits. During solving equations, without the help of computer, we need only algebraic deduction to obtain relations of some key bits. The complexity in this process is neglectable. The secret key of the full cipher can be recovered faster than exhaustive search for all three block sizes in the KATAN family. Our result describes that KATAN32 is vulnerable.展开更多
基金supported by the Nature Science Foundation of China under grant 60970119, 60833008the National Basic Research Program of China(973) under grant 2007CB311201the Fundamental Research Funds for the Central Universities under grant K50510010018
文摘A new 5-round distinguisher of AES with key whitening is presented by using the properties of its round transformation. Based on this distinguisher,we present new meet-in-the-middle attacks on reduced AES considering the key schedule and the time-memory tradeoff approach. New attacks improve the best known meet-in-the-middle attacks on reduced AES presented at FSE2008.We reduce the time complexity of attacks on 7-round AES-192 and 8-round AES-256 by a factor of at least 28. Moreover,the distinguisher can be exploited to develop the attack on 8-round AES-192.
基金the National Natural Science Foundation of China (No. 61272434)the Natural Science Foundation of Shandong Province (Nos. ZR2011FQ032 and ZR2012FM004)+1 种基金the Project of Shandong Province Higher Educational Science and Technology Program(No. J11LG33)the Project of Senior Visiting Scholar of Shandong Province
文摘We investigate the lightweight block cipher KATAN family which consists of three variants with 32, 48 and 64-bit block sizes, called KATAN32, KATAN48 and KATAN64 respectively. However, three variants all have the same key length of 80 bits. On the basis of the bit-oriented faulty model and the differential analysis principle, we describe the attack that combines differential fault attack with the meet-in-the-middle (MITM) attack on the KATAN32. More precisely, inducing a fault at a bit, we can recover some linear differential fault equations on the key bits. During solving equations, without the help of computer, we need only algebraic deduction to obtain relations of some key bits. The complexity in this process is neglectable. The secret key of the full cipher can be recovered faster than exhaustive search for all three block sizes in the KATAN family. Our result describes that KATAN32 is vulnerable.
