{"title":"改进的ARIA不可能差分密码分析","authors":"Shenhua Li, Chunyan Song","doi":"10.1109/ISA.2008.10","DOIUrl":null,"url":null,"abstract":"Impossible differential cryptanalysis is a method recovering secret key by getting rid of the keys that satisfy impossible differential relations. This cryptanalysis has been used to attack AES and many good results were gotten. For the new block cipher ARIA is similar to AES in structure, it is necessary to research its security against impossible differential cryptanalysis. We find a new impossible differential property of the block cipher ARIA, and we propose an attack against ARIA reduced to six rounds based on this property. In our attack, 10 bytes of round keys are needed to be guessed instead of 12 bytes in the previous one, so the time complexity is reduced by 216 times. It needs 2120 chosen plaintexts and 296 encryptions in our attack.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"Improved Impossible Differential Cryptanalysis of ARIA\",\"authors\":\"Shenhua Li, Chunyan Song\",\"doi\":\"10.1109/ISA.2008.10\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Impossible differential cryptanalysis is a method recovering secret key by getting rid of the keys that satisfy impossible differential relations. This cryptanalysis has been used to attack AES and many good results were gotten. For the new block cipher ARIA is similar to AES in structure, it is necessary to research its security against impossible differential cryptanalysis. We find a new impossible differential property of the block cipher ARIA, and we propose an attack against ARIA reduced to six rounds based on this property. In our attack, 10 bytes of round keys are needed to be guessed instead of 12 bytes in the previous one, so the time complexity is reduced by 216 times. It needs 2120 chosen plaintexts and 296 encryptions in our attack.\",\"PeriodicalId\":212375,\"journal\":{\"name\":\"2008 International Conference on Information Security and Assurance (isa 2008)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-04-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 International Conference on Information Security and Assurance (isa 2008)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISA.2008.10\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 International Conference on Information Security and Assurance (isa 2008)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISA.2008.10","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Improved Impossible Differential Cryptanalysis of ARIA
Impossible differential cryptanalysis is a method recovering secret key by getting rid of the keys that satisfy impossible differential relations. This cryptanalysis has been used to attack AES and many good results were gotten. For the new block cipher ARIA is similar to AES in structure, it is necessary to research its security against impossible differential cryptanalysis. We find a new impossible differential property of the block cipher ARIA, and we propose an attack against ARIA reduced to six rounds based on this property. In our attack, 10 bytes of round keys are needed to be guessed instead of 12 bytes in the previous one, so the time complexity is reduced by 216 times. It needs 2120 chosen plaintexts and 296 encryptions in our attack.