Experimental verification of super-sbox analysis: confirmation of detailed attack complexity

Authors:
Yu Sasaki;Naoyuki Takayanagi;Kazuo Sakiyama;Kazuo Ohta
Affiliations:
NTT Information Sharing Platform Laboratories, NTT Corporation, Musashino-Shi, Tokyo, Japan;The University of Electro-Communications, Choufu-Shi, Tokyo, Japan;The University of Electro-Communications, Choufu-Shi, Tokyo, Japan;The University of Electro-Communications, Choufu-Shi, Tokyo, Japan
Venue:
IWSEC'11 Proceedings of the 6th International conference on Advances in information and computer security
Year:
2011

Citing 11
Cited 0

The Design of Rijndael

The Design of Rijndael
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl

Fast Software Encryption
Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher

Selected Areas in Cryptography
Rebound Attack on the Full Lane Compression Function

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Rebound Distinguishers: Results on the Full Whirlpool Compression Function

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Known-key distinguishers for some block ciphers

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Super-Sbox cryptanalysis: improved attacks for AES-like permutations

FSE'10 Proceedings of the 17th international conference on Fast software encryption
Improved differential attacks for ECHO and Grøstl

CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Hyper-Sbox view of AES-like permutations: a generalized distinguisher

Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper implements the super-sbox analysis on 8-round AES proposed by Gilbert and Peyrin in order to verify its correctness and the attack cost. The attack consists of three parts; the first outbound phase, inbound phase with a super-sbox technique, and the second outbound phase. Gilbert and Peyrin estimated that the attack would require 248 computational cost and 232 memory, which could be feasible but not easy to practically implement. In this research, we first analyze the relationship among memory, computational cost, and the number of solutions in the inbound phase, and then show that the tradeoff exists for the super-sbox analysis. With this tradeoff, we implement the attack for each of the outbound phase independently so that the cost for the entire attack can be estimated by the experiments. As a result of our experiment, we show that the computational cost to obtain a pair of values satisfying the inbound phase is approximately 4 times higher and the freedom degrees are 4 times smaller than the previous estimation, which indicates that applying the super-sbox analysis is harder than expected.