| In2000, Rijndael Algorithm designed by the Belgian cryptologists Joan Daemen and Vincent Rijmen was determined as Advanced Encryption Standard (AES for short) of American government. In2003, the American government declared in public that AES could be used for encrypting and confidential document. At present, AES has already been used in various data encryption systems.The fact that AES is established on well-regulated algebraic structure is the most controversial hot research issue. Though effective algebraic method of attacking AES has not been found now, various cryptologists have a common perspective:they consider that there exists great potential safety hazard to establish encryption algorithm on the algebraic structure which cannot prove to be safe. At the same time, though the modularized design of AES has relatively high efficiency in realization, there is still security flaw in the modularized design.Since2000, new methods directed at attacking AES encryption algorithm has arisen constantly, and they include:Algebraic Attack, Impossible Differential Attack, Integral Attack, Power Attack, Side-channel Attack, Flying Attack, Rectangular Attack, Related-key Attack, Collision Attack, etc.Various international research teams represented by Biham and Shamir have made widespread studies on the safety of AES. Multiple block cipher attack technologies have been applied to attack against AES, such as Square Attack, Impossible Differential Attack, Partial Sum Attack, Flying Attack, Rectangular Attack, Related-key Rectangular Attack, Collision Attack, etc. Therefore, a large amount of research achievements with great scientific value and social value have been accumulated. At the same time, some new analytical methods aimed at AES algorithm have also turned up continuously and the attack schemes aimed at crypto chip such as Buffer Attack and Power Attack have widened the visual field for safety analysis of AES crypto chip, and provided new research ideas.In China, the research teams directed at safety analysis of AES are also quite active. DONG Xiaoli, HU Yupu, etc. have achieved new progress in the aspect of Rectangular Attack; WU Wenling, FENG Dengguo, QING Sihan, etc. have made breakthrough in Impossible Differential Attack; ZHANG Yu’an, WEI Baodian, WANG Xinmei, YIN Xinchun, YANG Jie, etc. have made progress in algebraic property of s-box and design of s-box; ZHAO Xinjie, WANG Tao, etc. have achieved good results in terms of CACHE Attack; ZHAO Jia, ZENG Xiaoyang, etc. have made a contribution in Power Attack. Under the above research background, this paper has made thorough discussions about the hot issues in safety research for AES, and obtained the following achievements:(1) XSL Attack simplifies the cryptanalysis of Rijndael and SERPENT into the problem of solving polynary quadratic equation group (that is MQ problem). In2005, Carlos Cid, etc. have revealed the essence of XSL Attack, and pointed out that XSL Attack was ineffective to the equation system consisting of AES. Directed at the algebraic attack of the block ciphers of SERPENT, this paper has given Differential Algebraic Attack and Impossible Differential Algebraic Attack of SERPENT encryption algorithm via the algebraic equation of s-box.(2) Study new attack algorithm. Impossible Differential Attack is an effective method of cipher attack aimed at Advanced Encryption Standard AES. This method is also one of the effective methods which analyze other block ciphers in recent years. This paper has deduced a new property of3round AES, and analyzed8round AES128by using impossible differential analytical method based on this property. A new property of4round AES has also been obtained, and9round AES256has been analyzed by using impossible differential analytical method based on this property. It can be seen from this analysis that the confusion degree of rank transformation of AES algorithm is insufficient, which has provided theoretical basis for us to increase and improve AES safety.(3) Analyze the vulnerability of key schedule. In2005, Biham combined related-key with impossible differential to provide a new analytical method called Related-key Impossible Differential. Due to the key schedule, incomplete diffusivity of linear replacement layer of AES192and AES256is more obvious than AES128, which leads to the result that the attack advance rate of AES192and AES256is higher. This paper has adopted a new analytical method which establishes intrinsic differential relation among keys via the key schedule principle at first, then establishes impossible differential path via the intrinsic differential relation, counts the corresponding differential relations which may be used via the intrinsic relation among keys, plaintext and ciphertext and by speculating related-keys, and finally recovers the initial key via these differential relations. |
PDF Full Text Request