The Biclique attack is currently the only key-recovery method for the full AES that is faster than brute force, but how to obtain a new Biclique structure, or all Biclique structures, for AES has not been resolved. This paper designs algorithms to find all Biclique structures for AES-128 and to evaluate the computational complexity or data complexity of the corresponding Biclique attacks. Using these algorithms, the paper shows that there are 215 kinds of Δi-differentials that generate 555 Biclique structures of AES-128, presents the Δi-differential trails with the smallest and the second smallest data complexity, and obtains the Biclique differentials and matching with the smallest computational complexity and the smallest data complexity, respectively.
LI Yunqiang, ZHANG Xiaoyong, WANG Ailan. Distribution Characteristics of the AES-128 Biclique Structure[J]. Journal of Electronics & Information Technology (JEIT), 2016, 38(1): 135-140.