Date of the talk: 30 June 2023
Algorithms and Models for the Differential Analysis of the AES
The Advanced Encryption Standard (AES) is considered to be the most important and widely deployed symmetric primitive. While the cipher was designed to be immune to differential and other classical attacks, this immunity does not hold in the related-key setting, and various related-key attacks have appeared over time. First, we propose a fast and low-memory algorithm based on dynamic programming to find optimal truncated differential characteristics and bounds on the minimum number of active S-boxes for all variants of the AES. This algorithm has a very easy-to-understand complexity analysis and does not depend on any generic solver. Second, we search for permutation-based key schedules for AES-128: we first show that the model of Derbez et al. at SAC 2018 for solving the same problem was flawed, and then develop our own approach and tool to tackle the question. Our method allows us to find many permutations that reach better differential bounds than the original key schedule of AES-128 and that outperform the permutation exhibited by Khoo et al. at ToSC 2017.
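As an added example (not code from the talk or its authors), the following C program carries out a dynamic-programming search of the kind described above, simplified to the single-key setting: it works over the 2^16 byte-activity patterns of the state, applies ShiftRows as a bit permutation and MixColumns column by column under the branch-number-5 rule, and returns the minimum number of active S-boxes for a given number of rounds. The bit layout and the single-key restriction are assumptions of this example.

```c
#include <string.h>

#define NPAT 65536   /* 2^16 byte-activity patterns of the AES state */
#define INF  1000    /* "unreachable" marker */

/* Bit 4*c + r of a pattern is set iff the byte in row r, column c is active
 * (an assumed layout for this example, not the talk's notation). */
static int active_bytes(unsigned x) { return __builtin_popcount(x); }

/* ShiftRows moves the byte at (r, c) to (r, (c - r) mod 4). */
static unsigned shift_rows(unsigned p) {
    unsigned q = 0;
    for (int r = 0; r < 4; r++)
        for (int c = 0; c < 4; c++)
            if ((p >> (4 * c + r)) & 1)
                q |= 1u << (4 * ((c - r + 4) % 4) + r);
    return q;
}

/* Minimum number of active S-boxes over `rounds` rounds of single-key AES in
 * the truncated (byte-wise) model: MixColumns has branch number 5, so per
 * column the active inputs plus active outputs is 0 or at least 5, and each
 * S-box layer costs one per active byte. Returns 1, 5, 9, 25, 26 for 1..5. */
int min_active_sboxes(int rounds) {
    static int cur[NPAT], nxt[NPAT];
    for (unsigned p = 0; p < NPAT; p++)      /* round-1 S-box layer; the */
        cur[p] = p ? active_bytes(p) : INF;  /* all-zero trail is excluded */
    for (int rd = 1; rd < rounds; rd++) {
        for (unsigned p = 0; p < NPAT; p++) nxt[shift_rows(p)] = cur[p];
        memcpy(cur, nxt, sizeof cur);
        for (int c = 0; c < 4; c++) {        /* MixColumns, one column at a time */
            for (unsigned p = 0; p < NPAT; p++) nxt[p] = INF;
            for (unsigned p = 0; p < NPAT; p++) {
                if (cur[p] >= INF) continue;
                unsigned in = (p >> (4 * c)) & 0xF, rest = p & ~(0xFu << (4 * c));
                for (unsigned out = 0; out < 16; out++) {
                    int w = active_bytes(in) + active_bytes(out);
                    if (w != 0 && w < 5) continue;   /* violates the branch number */
                    unsigned q = rest | (out << (4 * c));
                    if (cur[p] < nxt[q]) nxt[q] = cur[p];
                }
            }
            memcpy(cur, nxt, sizeof cur);
        }
        for (unsigned p = 0; p < NPAT; p++)  /* S-box layer of the next round */
            if (cur[p] < INF) cur[p] += active_bytes(p);
    }
    int best = INF;
    for (unsigned p = 0; p < NPAT; p++) if (cur[p] < best) best = cur[p];
    return best;
}
```

The same column-wise structure extends to the related-key case by adding the key-schedule activity to the state, which is where the talk's algorithm goes beyond this single-key sketch.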