[Resource Topic] 2017/508: Generalized Distinguishing Attack: A New Cryptanalysis of AES-like Permutations

Welcome to the resource topic for 2017/508

Generalized Distinguishing Attack: A New Cryptanalysis of AES-like Permutations

Authors: Victor Cauchois, Clément Gomez, Reynald Lercier


We consider highly structured truncated differential paths to mount rebound attacks on hash functions based on AES-like permutations. We explain how such differential paths can be computed using a Mixed-Integer Linear Programming approach. Together with the SuperSBox description, this allows us to build a rebound attack with a 6-round inbound phase, whereas classical rebound attacks have 4-round inbound phases. Non-square AES-like permutations seem to be more vulnerable than square ones. We illustrate this new technique by mounting the first distinguishing attack on an 11-round version of the Grøstl-512 internal permutation P_1024, with O(2^72) computational complexity and O(2^56) memory complexity, to be compared with the O(2^96) computations required by the corresponding generic attack. Previous best results on this permutation reached 10 rounds with a computational complexity of O(2^392), to be compared with the O(2^448) required by the corresponding generic attack.

ePrint: https://eprint.iacr.org/2017/508

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.