Abstract
This paper first presents an impossible differential property of 4-round AES: if the two plaintexts of an input pair differ in only one S-box, then after 4 rounds of encryption the corresponding ciphertext pair cannot differ in three S-boxes of the same column. Based on this property, a new method is proposed for cryptanalyzing 6-round AES, which adds one round to each end of the impossible differential cryptanalysis of 4-round AES. This attack on reduced 6-round AES requires about 2^99.5 chosen plaintexts, 2^57 words of memory, and about 2^86 6-round AES encryptions. Furthermore, the probability of failing to recover the secret key is only 2^-66.5.
Source
Journal of Xidian University (《西安电子科技大学学报》)
EI
CAS
CSCD
PKU Core (北大核心)
2006, Issue 4, pp. 598-601 (4 pages)
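Funding
Fund of the National Key Laboratory of Modern Communications (51436030105DZ0105)
Specialized Research Fund for the Doctoral Program of Higher Education (20020701013)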
Keywords
impossible differential cryptanalysis
advanced encryption standard
cryptanalysis