Structural Cryptanalysis of SASAS

Cryptanalysis; Structural cryptanalysis; Multiset attack; Block ciphers; Substitution permutation networks; Substitution affine networks; Rijndael; AES

Abstract :

[en] In this paper we consider the security of block ciphers which contain alternate layers of invertible S-boxes and affine mappings (there are many popular cryptosystems which use this structure, including the winner of the AES competition, Rijndael). We show that a five-layer scheme with 128-bit plaintexts and 8-bit S-boxes is surprisingly weak against what we call a multiset attack, even when all the S-boxes and affine mappings are key dependent (and thus completely unknown to the attacker). We tested the multiset attack with an actual implementation, which required just 2^16 chosen plaintexts and a few seconds on a single PC to find the 2^17 bits of information in all the unknown elements of the scheme.

Disciplines :

Computer science

Identifiers :

UNILU:UL-ARTICLE-2011-087

Author, co-author :

BIRYUKOV, Alex ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

Shamir, Adi; Weizmann Institute of Science, Israel

Language :

English

Title :

Structural Cryptanalysis of SASAS

Publication date :

2010

Journal title :

Journal of Cryptology

ISSN :

0933-2790

Publisher :

Springer

Volume :

Issue :

Pages :

505-518

Peer reviewed :

Peer reviewed

Additional URL :

http://www.springerlink.com/content/p677661hq4745u61/

Available on ORBilu :

since 25 June 2014

Statistics

Number of views

168 (4 by Unilu)

Number of downloads

328 (2 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

WoS citations^™