ACAC Seminar Abstract

Automatic Search for Related-Key Differentials in Byte-Oriented Block Ciphers: Application to AES, Camellia, Khazad and Others

Speaker: Ivica Nikolic
Date, Time: Fri, 12 Feb 2010 15:00

While the differential behavior of modern ciphers in a single secret key scenario is relatively well understood, and simple techniques for computation of security lower bounds are readily available, the security of modern block ciphers against related-key attacks is still very ad hoc. We make the first step towards provable security of block ciphers against related-key and even open-key attacks by presenting an efficient search tool for finding differentials both in the state and in the key (note that due to similarities between block ciphers and hash functions, such a tool will be useful in the analysis of hash functions as well). We use this tool to search for the best possible related-key differentials in AES, Camellia, Khazad, FOX, and Anubis. We show the best related-key differentials for 5, 11, and 14 rounds of AES-128, AES-192, and AES-256, respectively. We use the optimal differentials that we have found in order to design the best related-key and chosen-key attacks on AES-128 (7 out of 10 rounds), AES-192 (full 12 rounds), byte-Camellia (full 18 rounds) and Khazad (7 and 8 out of 8 rounds). We also show that the ciphers FOX and Anubis have no related-key attacks on more than 4-5 rounds.
