Cryptanalysis Of Block Cipher Rijndael?Kiasu-BC And Joltik-BC

With the development of information science and technology,online payment systems,cloud computing,and Internet of Things technologies are becoming more and more mature.At the same time,people also pay more attentions to the privacy protection and information security.Block ciphers are widely used in these areas to protect information security due to their fast speed,low power consumption and easy implementation.The tweakable block cipher is a kind of block ciphers with an extra input tweak,which increases the flexibility of the encryption algorithm by changing the values of tweaks.Thus it is widely used in the fields of encryption protocol,authentication encryption and disk encryption.In addition,the fast development of quantum computers has greatly challenged the security of block ciphers with small key sizes because Grover's quantum algorithm can provide a quadratic speedup for the exhaustive search.However,block ciphers with large key sizes can effectively resist quantum attacks.In summary,the researches on the security of tweakable block ciphers and block ciphers with large key sizes have become the hotspots in recent years.AES is an international encryption standard for block cipher recommended by the National Institute of Standards and Technology of the United States.It is a special version of block cipher Rijndael.Rijndael is denoted as Rijndael-b-k,where b and k are the block length and the key length,respectively.At present,there are few security researches on the large-key versions,but large-block ciphers can effectively resist quantum attacks.Kiasu-BC and Joltik-BC using the tweakey framework are AES-based tweakable block ciphers.The block and key lengths of Kiasu-BC are both 128 bits,the tweak size is 64bits,respectively.Joltik-BC is a 64-bit lightweight tweakable block cipher and its tweakey size being 128 bits.In this paper,by using the precomputation tables,multiple impossible differential paths and differential enumeration techniques,we propose improved impossible differential cryptanalysis of Rijndael and meet-in-the-middle attacks on Kiasu-BC and Joltik-BC-128.The detailed contents are as follows:First,we improve the cryptanalytic results on impossible differential cryptanalysis of 10-round Rijndael-224/256-256 and 9-round Rijndael-224-224 with the precomputation tables and the early abort techniques.For 10-round Rijndael-256-256,the attack requires 2^244.4 chosen plaintexts,2^240.1 encryptions and 2^181.4 blocks.Compared with previously best known results,the time and memory complexities are reduced by2^13.8 times and 2^5.4times,respectively.Then,we present two impossible differential attacks on 9-round Rijndael-224-224.The data,time and memory complexities of the first attack are 2^206.6 chosen plaintexts,2^153.6encryptions and 2^111.6 blocks,respectively.Compared with the previously best known results,the time and memory complexities are reduced by 2^8.4 times and 2^5.4 times,respectively;the second attack requires 2^214.4chosen plaintexts,2^113.4 encryptions and 2^87.4 blocks,respectively.Compared with the previously best known result,the time and memory complexities are reduced by 2^16.6times and 2^6.2 times,respectively.In addition,we also give impossible differential cryptanalysis of 10-round Rijndael-224-256.The attack requires 2^214.4 chosen plaintexts,2^241.3 encryptions and 2^181.4 blocks,respectively.Second,we improve the cryptanalytic result on 8-round Kiasu-BC with the differential enumeration technique.Specifically,a new 5-round distinguisher is built in the offline phase.Based on it,we mount a meet-in-the-middle attack on 8-round Kiasu-BC.The attack requires 2¹⁰⁹ plaintext-tweaks,2^112.8 encrytions and 2^92.91 blocks,respectively.Compared with previously best known results under chosen plaintext attacks,the data and time complexities are reduced by 2⁷ times and 2^3.2 times,respectively.Third,we improve the results on 9/10-round Joltik-BC-128.For 9-round Joltik-BC-128,the data,time and memory complexities are 2⁵³ plaintext-tweaks,2^56.6 encryptions and 2^52.91 blocks,respectively.Compared with previously best-known results,the data and time complexities are reduced by 2⁷ times and 2^5.1times,respectively.For 10-round Joltik-BC-128,the data,time and memory complexities are 2⁵³ plaintext-tweaks,2^101.4encrytions and 2^76.91 blocks,respectively.Compared with previously best-known results,the data,time and memory complexities are reduced by 2¹⁸ times,2^8.1 times and 2^16.09times,respectively.