×

Improved impossible differential attacks on large-block Rijndael. (English) Zbl 1342.94101

Kwon, Taekyoung (ed.) et al., Information security and cryptology – ICISC 2012. 15th international conference, Seoul, Korea, November 28–30, 2012. Revised selected papers. Berlin: Springer (ISBN 978-3-642-37681-8/pbk). Lecture Notes in Computer Science 7839, 126-140 (2013).
Summary: In this paper, we present more powerful 6-round impossible differentials for large-block Rijndael-224 and Rijndael-256 than the ones used by L. Zhang et al. in ISC 2008 [Lect. Notes Comput. Sci. 5222, 298–315 (2008; Zbl 1181.94118)]. Using those, we can improve the previous impossible differential cryptanalysis of both 9-round Rijndael-224 and Rijndael-256. The improvement can lead to 10-round attack on Rijndael-256 as well. With \(2^{198.1}\) chosen plaintexts, an attack is demonstrated on 9-round Rijndael-224 with \(2^{195.2}\) encryptions and \(2^{140.4}\) bytes memory. Increasing the data complexity to \(2^{216}\) plaintexts, the time complexity can be reduced to \(2^{130}\) encryptions and the memory requirements to \(2^{93.6}\) bytes. For 9-round Rijndael-256, we provide an attack requiring \(2^{229.3}\) chosen plaintexts, \(2^{194}\) encryptions, and \(2^{139.6}\) bytes memory. Alternatively, with \(2^{245.3}\) plaintexts, an attack with a reduced time of \(2^{127.1}\) encryptions and a memory complexity of \(2^{90.9}\) bytes can be mounted. With \(2^{244.2}\) chosen plaintexts, we can attack 10-round Rijndael-256 with \(2^{253.9}\) encryptions and \(2^{186.8}\) bytes of memory.
For the entire collection see [Zbl 1263.68022].

MSC:

94A60 Cryptography

Citations:

Zbl 1181.94118
PDFBibTeX XMLCite
Full Text: DOI Link