Rijndael Attacks
CSC 692
Presenter: Karthik Parameswar
Introduction
Rijndael is the Advanced Encryption Standard (AES).
Criteria taken into account in its design were:
• Resistance against known attacks
• Speed and code compactness on a wide range of platforms
• Design simplicity
Known Attacks
• Up to 6 rounds, using the same technique used to attack the block cipher Square
  Time complexity – 2^72
  Data complexity – 2^32 chosen plaintexts
• Up to 7 rounds – a collision attack
  Time complexity – 2^140
  Data complexity – 2^32 chosen plaintexts
  Key size 192 and 256 bits
6 Round attack
• Variant of the “Square” attack that exploits the byte-oriented structure of Rijndael
• Attack based upon an efficient distinguisher between 3 Rijndael inner rounds and a random permutation.
• Details found in [2].
7 Round attack
• The 6-round attack can be extended to 7 rounds, but it is slower than exhaustive key search. Details in [2] and [4].
  Time complexity – 2^200
Collision Attack
• Efficient distinguisher between 4 Rijndael inner rounds and a random permutation. Details in [1].
• Faster than exhaustive key search.
7 Round Attack - contd
• Extends the Square attack to Rijndael variants with larger keys of 192 bits and 256 bits
• Attack exploits a minor weakness of the Rijndael key schedule
• Faster than exhaustive key search for up to 7 rounds
• Details in [2]
An Improvement on existing attacks
• A new technique called the partial-sum technique
• Dramatically reduces the complexity of 6-round attacks.
• Uses the idea to attack 7 and 8 rounds of Rijndael.
• Details in [4]
Another Attack
• Proposed by Courtois and Pieprzyk
• Tries to express the entire algorithm as multivariate quadratic polynomials
• Uses an innovative technique to treat the terms of those polynomials as individual variables
• Gives a system of linear equations in a quadratically large number of variables that has to be solved (gross oversimplification of the paper)
Another attack - contd
• Can use minimization techniques to make the solution easier.
• Claims to break the entire algorithm with one or two known plaintexts
• Time complexity claim is 2^100
• Details in [5]
Conclusions
• The attacks described are highly impractical. Furthermore, they are not sufficient to reduce the complexity of the full Rijndael due to its security margin.
• It is interesting that cryptanalysis techniques exist for 7 out of 10 rounds for 128-bit keys, 8 of 12 rounds for 192-bit keys, and 9 of 14 rounds for 256-bit keys.
• Results exhibit a weakness in the key schedule but do not necessitate key schedule modification.
• Signs are good that Rijndael will be sufficient for block-cipher implementations in the coming decades.
References
[1] Henri Gilbert, Marine Minier. A collision attack on 7 rounds of Rijndael.
[2] J. Daemen, L. Knudsen, and V. Rijmen. The block cipher Square.
[3] Stefan Lucks. Attacking seven rounds of Rijndael under 192-bit and 256-bit keys.
[4] Niels Ferguson, John Kelsey, Stefan Lucks, Bruce Schneier, Mike Stay, David Wagner, and Doug Whiting. Improved Cryptanalysis of Rijndael.
[5] Nicolas T. Courtois, Joseph Pieprzyk. Cryptanalysis on Block Ciphers with Overdefined System of Equations.