Techniques For Cryptanalysis Of Block Ciphers

Posted on: 2008-11-16
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Chen
Full Text: PDF
GTID: 1118360242478284
Subject: Cryptography
Abstract/Summary:
Modern cryptological theory and technology are an important basis of information security. Block ciphers are an important branch of cryptology, with many attractive features such as high throughput, ease of standardization, and efficient implementation in both software and hardware. Block ciphers are usually core components in information and Internet security, used for data encryption, data signature, authentication and key management. This dissertation investigates techniques for the cryptanalysis of block ciphers, with emphasis on the Advanced Encryption Standard (AES). The author obtains the following main results:

1. An impossible differential property for 4-round AES is determined. Based on this property, a new method is proposed for cryptanalyzing 6-round AES. The attack on the reduced 6-round AES requires about $2^{99.5}$ chosen plaintexts, performs $2^{85}$ 6-round AES encryptions, and demands $2^{57}$ words of memory.

2. Two methods for impossible differential cryptanalysis of 7-round AES-192 and 8-round AES-256 are presented, exploiting weaknesses in their key schedules. The attack on AES-192 reduced to 7 rounds requires about $2^{106}$ chosen plaintexts, performs $2^{157}$ 7-round AES-192 encryptions, and demands $2^{129}$ words of memory. The attack on AES-256 reduced to 8 rounds requires about $2^{103}$ chosen plaintexts, performs $2^{244}$ 8-round AES-256 encryptions, and demands $2^{217}$ words of memory.

3. SMS4 is the first commercial block cipher published by our government. By analyzing how the difference between input and output pairs changes in each round, an impossible differential is presented for 14-round SMS4. Based on this property, a new method is proposed for cryptanalyzing 17-round SMS4. The attack on the reduced 17-round SMS4 requires about $2^{103}$ chosen plaintexts, performs $2^{124}$ 17-round SMS4 encryptions, and demands $2^{89}$ words of memory. Furthermore, the probability of failing to recover the secret key is only $2^{-88.7}$.

4. Two new methods are presented for a related-key Square attack on 7-round and 8-round AES-192, exploiting appropriate related-key differences of AES-192 and weaknesses in its key schedule. Once the related key of AES-192 is fixed, the exact subkey differences in the first 8 rounds are determined using the properties of the key schedule. The attack on AES-192 reduced to 8 rounds requires only about $2^{45}$ chosen plaintexts, demands $2^{40}$ memory, and performs $2^{167}$ 8-round AES-192 encryptions.

5. A method for a related-key rectangle attack on 7-round AES-128 is proposed for the first time, exploiting appropriate related-key differences of AES-128 and weaknesses in its key schedule. The attack on AES-128 reduced to 7 rounds requires about $2^{115}$ chosen plaintexts with 256 related keys and performs $2^{115}$ 7-round AES-128 encryptions. Furthermore, the probability of successfully recovering the secret key is about 95.8%.

6. A new forgery attack with random messages on PMAC and TMAC-V, both based on block ciphers, is presented, which makes use of the principle of differential identical in part of the mode. The new attack can forge the PMAC and TMAC-V of a random message with a probability of 86.5%, higher than the 63% in the known reference. The complexity of this new attack is $[0, 2^{n/2+1}, 1, 0]$ for PMAC where no truncation is performed. For PMAC where truncation is performed, the complexity of this attack is $[0, 2^{n/2+1}, [n/\tau], 2^{n-\tau}]$. The complexity of this attack is $[0, 2^{n/2+1}, 1, 0]$ for TMAC-V.
Keywords/Search Tags: block cipher, cryptanalysis, differential cryptanalysis, Advanced Encryption Standard