Rijndael Attacks
CSC 692
Presenter: Karthik Parameswar
Introduction
• The Advanced Encryption Standard (AES) is the new Federal Information Processing Standard (FIPS).
• Intended for use by U.S. Government organizations to protect sensitive (unclassified) information.
• On October 2nd, 2000, NIST selected Rijndael as the Advanced Encryption Standard.
Security of AES/Rijndael
• Designed with state-of-the-art cryptographic research.
• Designed to have strong resistance against classical approximation attacks.
Known Attacks
• Up to 6 rounds, using the same technique used to attack the block cipher Square
  Time complexity: 2^72
  Data complexity: 2^32 chosen plaintexts
• Up to 7 rounds, a collision attack (key sizes 192 and 256 bits)
  Time complexity: 2^140
  Data complexity: 2^32 chosen plaintexts
6 Round Attack
• A variant of the "Square" attack; exploits the byte-oriented structure of Rijndael.
• The attack is based upon an efficient distinguisher between 3 Rijndael inner rounds and a random permutation.
• Details found in [2].
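The 3-round distinguisher the slide refers to, as an added example that is not code from the slides or the cited papers: a Lambda-set of 256 plaintexts that differ only in one byte XOR-sums to zero in every byte after 3 full Rijndael rounds, whereas a random permutation (or a 4th round) does not. The round keys are random and hypothetical, since the property holds for any key.

```python
# Square (integral) distinguisher on 3 inner rounds of Rijndael (AES-128 state). Added
# educational example, not the slides' or papers' code; round keys are random/hypothetical.
import random

def gmul(a, b):  # multiplication in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1
        b >>= 1
    return r

def build_sbox():  # multiplicative inverse in GF(2^8), then the AES affine map
    inv = [0] * 256
    for x in range(1, 256):
        if not inv[x]:
            y = next(y for y in range(1, 256) if gmul(x, y) == 1)
            inv[x], inv[y] = y, x
    rot = lambda q, n: ((q << n) | (q >> (8 - n))) & 0xFF
    return [q ^ rot(q, 1) ^ rot(q, 2) ^ rot(q, 3) ^ rot(q, 4) ^ 0x63 for q in inv]

SBOX = build_sbox()

# 16-byte state in AES column-major order: state[4*col + row]
def sub_bytes(s): return [SBOX[b] for b in s]
def shift_rows(s): return [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]
def add_round_key(s, k): return [x ^ y for x, y in zip(s, k)]
def mix_columns(s):
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        out += [gmul(a[r], 2) ^ gmul(a[(r + 1) % 4], 3) ^ a[(r + 2) % 4] ^ a[(r + 3) % 4]
                for r in range(4)]
    return out

def encrypt(block, round_keys):  # whitening key, then one full round per remaining key
    s = add_round_key(block, round_keys[0])
    for k in round_keys[1:]:
        s = add_round_key(mix_columns(shift_rows(sub_bytes(s))), k)
    return s

def balanced_after(rounds, seed=1):
    """XOR every byte of the ciphertexts of a Lambda-set (256 plaintexts that differ
    only in byte 0); True iff all 16 sums are zero. Holds for 3 rounds, not for 4."""
    rng = random.Random(seed)
    keys = [[rng.randrange(256) for _ in range(16)] for _ in range(rounds + 1)]
    base = [rng.randrange(256) for _ in range(16)]
    sums = [0] * 16
    for v in range(256):
        sums = [x ^ y for x, y in zip(sums, encrypt([v] + base[1:], keys))]
    return all(b == 0 for b in sums)
```

The 6-round attack wraps this property in one round before and two rounds after the distinguished three, guessing key bytes until the balance reappears.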
7 Round Attack
• The Square-6 attack can be extended to 7 rounds, but it is slower than exhaustive key search. Details in [2] and [4].
  Time complexity: 2^200
Collision Attack
• Based on an efficient distinguisher between 4 Rijndael inner rounds and a random permutation.
• Faster than exhaustive key search.
• Details in [1].
7 Round Attack - contd
• Extends the Square attack to Rijndael variants with larger keys of 192 bits and 256 bits.
• The attack exploits a minor weakness of the Rijndael key schedule.
• Faster than exhaustive key search for up to 7 rounds.
• Details in [3].
An Improvement on Existing Attacks
• A new technique called the partial-sum technique.
• Dramatically reduces the complexity of 6-round attacks.
• The same idea is used to attack 7 and 8 rounds of Rijndael.
• Details in [4].
Another Attack
• Proposed by Courtois and Pieprzyk.
• Tries to express the entire algorithm as multivariate quadratic polynomials.
• Uses an innovative technique to treat the terms of those polynomials as individual variables.
• Gives a system of linear equations in a quadratically large number of variables that has to be solved (a gross oversimplification of the paper).
Another Attack - contd
• Can use minimization techniques to make the solution easier.
• Claims to break the entire algorithm with one or two known plaintexts.
• The claimed time complexity is 2^100.
• Details in [5].
Conclusions
• The attacks described are highly impractical. Furthermore, they are not sufficient to reduce the complexity of the full Rijndael, due to its security margin.
• It is interesting that cryptanalysis techniques exist for 7 out of 10 rounds for 128-bit keys, 8 of 12 rounds for 192-bit keys, and 9 of 14 rounds for 256-bit keys.
• The results exhibit a weakness in the key schedule but do not necessitate a key schedule modification.
• Signs are good that Rijndael will be sufficient for block-cipher implementations in the coming decades.
References
[1] Henri Gilbert, Marine Minier. A collision attack on 7 rounds of Rijndael. http://csrc.nist.gov/CryptoToolkit/aes/round2/conf3/papers/11-hgilbert.pdf
[2] J. Daemen, L. Knudsen, and V. Rijmen. The block cipher Square. http://www.esat.kuleuven.ac.be/~cosicart/pdf/VR-9700.PDF
[3] Stefan Lucks. Attacking seven rounds of Rijndael under 192-bit and 256-bit keys. http://th.informatik.uni-mannheim.de/People/Lucks/papers.html
[4] Niels Ferguson, John Kelsey, Stefan Lucks, Bruce Schneier, Mike Stay, David Wagner, and Doug Whiting. Improved Cryptanalysis of Rijndael. http://www.counterpane.com/rijndael.pdf
[5] Nicolas T. Courtois, Joseph Pieprzyk. Cryptanalysis of Block Ciphers with Overdefined Systems of Equations. http://eprint.iacr.org/2002/044.pdf