Revisiting Yoyo Tricks on AES
At Asiacrypt 2017, Rønjom et al. presented key-independent distinguishers for different numbers of rounds of AES, ranging from 3 to 6 rounds, in their work titled “Yoyo Tricks with AES”. The reported data complexities for these distinguishers were 3, 4, 225.8, and 2122.83, respectively. In this wor...
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Ruhr-Universität Bochum
2023-12-01
|
Series: | IACR Transactions on Symmetric Cryptology |
Subjects: | |
Online Access: | https://tosc.iacr.org/index.php/ToSC/article/view/11278 |
_version_ | 1797399528234549248 |
---|---|
author | Sandip Kumar Mondal Mostafizar Rahman Santanu Sarkar Avishek Adhikari |
author_facet | Sandip Kumar Mondal Mostafizar Rahman Santanu Sarkar Avishek Adhikari |
author_sort | Sandip Kumar Mondal |
collection | DOAJ |
description |
At Asiacrypt 2017, Rønjom et al. presented key-independent distinguishers for different numbers of rounds of AES, ranging from 3 to 6 rounds, in their work titled “Yoyo Tricks with AES”. The reported data complexities for these distinguishers were 3, 4, 225.8, and 2122.83, respectively. In this work, we revisit those key-independent distinguishers and analyze their success probabilities.
We show that the distinguishing algorithms provided for 5 and 6 rounds of AES in the paper of Rønjom et al. are ineffective with the proposed data complexities. Our thorough theoretical analysis has revealed that the success probability of these distinguishers for both 5-round and 6-round AES is approximately 0.5, with the corresponding data complexities mentioned earlier.
We investigate the reasons behind this seemingly random behavior of those reported distinguishers. Based on our theoretical findings, we have revised the distinguishing algorithm for 5-round AES. Our revised algorithm demonstrates success probabilities of approximately 0.55 and 0.81 for 5-round AES, with data complexities of 229.95 and 230.65, respectively. We have also conducted experimental tests to validate our theoretical findings, which further support our findings.
Additionally, we have theoretically demonstrated that improving the success probability of the distinguisher for 6-round AES from 0.50000 to 0.50004 would require a data complexity of 2129.15. This finding invalidates the reported distinguisher by Rønjom et al. for 6-round AES.
|
first_indexed | 2024-03-09T01:40:33Z |
format | Article |
id | doaj.art-e7a0bbced5d14ce1bf6c2da5fcc676f8 |
institution | Directory Open Access Journal |
issn | 2519-173X |
language | English |
last_indexed | 2024-03-09T01:40:33Z |
publishDate | 2023-12-01 |
publisher | Ruhr-Universität Bochum |
record_format | Article |
series | IACR Transactions on Symmetric Cryptology |
spelling | doaj.art-e7a0bbced5d14ce1bf6c2da5fcc676f82023-12-08T16:13:27ZengRuhr-Universität BochumIACR Transactions on Symmetric Cryptology2519-173X2023-12-012023410.46586/tosc.v2023.i4.28-57Revisiting Yoyo Tricks on AESSandip Kumar Mondal0Mostafizar Rahman1Santanu Sarkar2Avishek Adhikari3Department of Pure Mathematics, University of Calcutta, Kolkata, IndiaUniversity of Hyogo, Kobe, JapanDepartment of Mathematics, Indian Institute of Technology Madras, Chennai, IndiaDepartment of Mathematics, Presidency University, Kolkata, India At Asiacrypt 2017, Rønjom et al. presented key-independent distinguishers for different numbers of rounds of AES, ranging from 3 to 6 rounds, in their work titled “Yoyo Tricks with AES”. The reported data complexities for these distinguishers were 3, 4, 225.8, and 2122.83, respectively. In this work, we revisit those key-independent distinguishers and analyze their success probabilities. We show that the distinguishing algorithms provided for 5 and 6 rounds of AES in the paper of Rønjom et al. are ineffective with the proposed data complexities. Our thorough theoretical analysis has revealed that the success probability of these distinguishers for both 5-round and 6-round AES is approximately 0.5, with the corresponding data complexities mentioned earlier. We investigate the reasons behind this seemingly random behavior of those reported distinguishers. Based on our theoretical findings, we have revised the distinguishing algorithm for 5-round AES. Our revised algorithm demonstrates success probabilities of approximately 0.55 and 0.81 for 5-round AES, with data complexities of 229.95 and 230.65, respectively. We have also conducted experimental tests to validate our theoretical findings, which further support our findings. Additionally, we have theoretically demonstrated that improving the success probability of the distinguisher for 6-round AES from 0.50000 to 0.50004 would require a data complexity of 2129.15. This finding invalidates the reported distinguisher by Rønjom et al. for 6-round AES. https://tosc.iacr.org/index.php/ToSC/article/view/11278AESDistinguisherYoyo |
spellingShingle | Sandip Kumar Mondal Mostafizar Rahman Santanu Sarkar Avishek Adhikari Revisiting Yoyo Tricks on AES IACR Transactions on Symmetric Cryptology AES Distinguisher Yoyo |
title | Revisiting Yoyo Tricks on AES |
title_full | Revisiting Yoyo Tricks on AES |
title_fullStr | Revisiting Yoyo Tricks on AES |
title_full_unstemmed | Revisiting Yoyo Tricks on AES |
title_short | Revisiting Yoyo Tricks on AES |
title_sort | revisiting yoyo tricks on aes |
topic | AES Distinguisher Yoyo |
url | https://tosc.iacr.org/index.php/ToSC/article/view/11278 |
work_keys_str_mv | AT sandipkumarmondal revisitingyoyotricksonaes AT mostafizarrahman revisitingyoyotricksonaes AT santanusarkar revisitingyoyotricksonaes AT avishekadhikari revisitingyoyotricksonaes |