Key Difference Invariant Bias in Block Ciphers

In this paper, we reveal a fundamental property of block ciphers: There can exist linear approximations such that their biases ε are deterministically invariant under key difference. This behaviour is highly unlikely to occur in idealized ciphers but persists, for instance, in 5-round AES. Interestingly, the property of key difference invariant bias is independent of the bias value ε itself and only depends on the form of linear characteristics comprising the linear approximation in question as well as on the key schedule of the cipher. We propose a statistical distinguisher for this property and turn it into an key recovery. As an illustration, we apply our novel cryptanalytic technique to mount related-key attacks on two recent block ciphers - LBlock and TWINE. In these cases, we break 2 and 3 more rounds, respectively, than the best previous attacks. © 2013 Springer-Verlag.

ISBN:978-3-642-42032-0

Jaar van publicatie:2013

BOF-keylabel:ja

IOF-keylabel:ja

Authors from:Higher Education