nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

Improved Meet-in-the-Middle Attacks on 7 and 8-Round ARIA-192 and ARIA-256

verfasst von : Akshima, Donghoon Chang, Mohona Ghosh, Aarushi Goel, Somitra Kumar Sanadhya

Erschienen in: Progress in Cryptology -- INDOCRYPT 2015

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The ARIA block cipher has been established as a Korean encryption standard by Korean government since 2004. In this work, we re-evaluate the security bound of reduced round ARIA-192 and ARIA-256 against meet-in-the-middle (MITM) key recovery attacks in the single key model. We present a new 4-round distinguisher to demonstrate the best 7 & 8 round MITM attacks on ARIA-192/256. Our 7-round attack on ARIA-192 has data, time and memory complexity of \(2^{113}\), \(2^{135.1}\) and \(2^{130}\) respectively. For our 7-round attack on ARIA-256, the data/time/memory complexities are \(2^{115}\), \(2^{136.1}\) and \(2^{130}\) respectively. These attacks improve upon the previous best MITM attack on the same in all the three dimensions. Our 8-round attack on ARIA-256 requires \(2^{113}\) cipher calls and has time and memory complexity of \(2^{245.9}\) and \(2^{138}\) respectively. This improves upon the previous best MITM attack on ARIA-256 in terms of time as well as memory complexity. Further, in our attacks, we are able to recover the actual secret key unlike the previous cryptanalytic attacks existing on ARIA-192/256. To the best of our knowledge, this is the first actual key recovery attack on ARIA so far. We apply multiset attack - a variant of meet-in-the-middle attack to achieve these results.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Some Results Using the Matrix Methods on Impossible, Integral and Zero-Correlation Distinguishers for Feistel-Like Ciphers

Nächstes Kapitel Structural Evaluation for Generalized Feistel Structures and Applications to LBlock and TWINE

Nur mit Berechtigung zugänglich

Random differences in 16-bytes of \(\varDelta Y_3\) yield random differences in the 7 active bytes of \(\varDelta X_4\) which in turn lead to random differences in the active bytes of \(\varDelta Y_4\). The probability that these random differences in the 7-bytes of \(\varDelta Y_4\) are equal is \(2^{-48}\).

One structure has \(2^{56} \times 2^{55}\) = \(2^{111}\) plaintext pairs. Therefore, \(2^{57}\) structures have \(2^{57 + 111}\) = \(2^{168}\) plaintext pairs.

Encrypt the chosen right pair message to one full round using \(k_1\)[3, 4, 6, 8, 9, 13, 14] and compute \(Z_1\)[0]. Xor other \(Z_1\)[0] byte with 255 other values and decrypt them back to obtain the other plaintexts.

Note that the probability of randomly having a match is \(2^{-467.6}\) and not \(2^{-505.17}\) since the number of ordered sequences associated with a multiset is not constant [7].

The normalization factor of \(2^{-1.9}\) is calculated by calculating the ratio of number of S-Box operations required in the precomputation phase to the total number of S-Box operations performed in 7-Round ARIA encryption. Similarly all other normalization factors have been calculated.

Biryukov, A., De Canniere, C., Lano, J., Ors, S.B., Preneel, B.: Security and performance analysis of ARIA, version 1.2. Technical report, Katholieke Universiteit Leuven, Belgium (2004). http://www.cosic.esat.kuleuven.be/publications/article-500.pdf

De Cannière, C.: Analysis and Design of Symmetric Encryption Algorithms. PhD thesis, Katholieke Universiteit Leuven, Belgium, May 2007

Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer, Heidelberg (2002)CrossRef

Demirci, H., Selçuk, A.A.: A meet-in-the-middle attack on 8-round AES. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 116–126. Springer, Heidelberg (2008) CrossRef

Derbez, P., Fouque, P.-A., Jean, J.: Improved key recovery attacks on reduced-round AES in the single-key setting. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 371–387. Springer, Heidelberg (2013) CrossRef

Du, C., Chen, J.: Impossible differential cryptanalysis of ARIA reduced to 7 Rounds. In: Heng, S.-H., Wright, R.N., Goi, B.-M. (eds.) CANS 2010. LNCS, vol. 6467, pp. 20–30. Springer, Heidelberg (2010) CrossRef

Dunkelman, O., Keller, N., Shamir, A.: Improved single-key attacks on 8-round AES-192 and AES-256. J. Cryptology 28(3), 397–422 (2015)MathSciNetCrossRef

Fleischmann, E., Forler, C., Gorski, M., Lucks, S.: New boomerang attacks on ARIA. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 163–175. Springer, Heidelberg (2010) CrossRef

Korean Agency for Technology and Standards. 128 bit block encryption algorithm ARIA - Part 1: General (in Korean). KS X 1213-1:2009, December 2009

10.

Kim, W.-H., Lee, J., Park, J.-H., Kwon, D.: Addition of the ARIA Cipher Suites to Transport Layer Security (TLS). RFC 6209, April 2011. https://tools.ietf.org/html/rfc6209

11.

Kwon, D., Kim, J., Lee, J., Lee, J., Kim, C.: A Description of the ARIA Encryption Algorithm. RFC 5794, March 2010. https://tools.ietf.org/html/rfc5794

12.

Kwon, D., et al.: New block cipher: ARIA. In: Lim, J.-I., Lee, D.-H. (eds.) ICISC 2003. LNCS, vol. 2971. Springer, Heidelberg (2004) CrossRef

13.

RSA Laboratories. Additional PKCS #11 Mechanisms. PKCS #11 v2.20 Amendment 3 Revision 1, January 2007

14.

Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schläffer, M.: Rebound distinguishers: results on the full whirlpool compression function. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 126–143. Springer, Heidelberg (2009) CrossRef

15.

Li, R., Sun, B., Zhang, P., Li, C.: New impossible differential cryptanalysis of ARIA. IACR Cryptology ePrint Archive, 2008:227 (2008). http://eprint.iacr.org/2008/227

16.

Li, Y., Wu, W., Zhang, L.: Integral attacks on reduced-round ARIA block cipher. In: Kwak, J., Deng, R.H., Won, Y., Wang, G. (eds.) ISPEC 2010. LNCS, vol. 6047, pp. 19–29. Springer, Heidelberg (2010) CrossRef

17.

Tang, X., Sun, B., Li, R., Li, C., Yin, J.: A meet-in-the-middle attack on reduced-round ARIA. J. Syst. Softw. 84(10), 1685–1692 (2011)CrossRef

18.

Wenling, W., Zhang, W., Feng, D.: Impossible differential cryptanalysis of reduced-round ARIA and camellia. J. Comput. Sci. Technol. 22(3), 449–456 (2007)CrossRef

19.

Z’aba, M.R.: Analysis of linear relationships in block ciphers. Master’s thesis, Queensland University of Technology, May 2010

Titel: Improved Meet-in-the-Middle Attacks on 7 and 8-Round ARIA-192 and ARIA-256
verfasst von: Akshima
Donghoon Chang
Mohona Ghosh
Aarushi Goel
Somitra Kumar Sanadhya
Verlag: Springer International Publishing
Buch: Progress in Cryptology -- INDOCRYPT 2015
Print ISBN: 978-3-319-26616-9

Electronic ISBN: 978-3-319-26617-6

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-26617-6_11

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"