[Resource Topic] 2025/1326: New Techniques for Analyzing Differentials with Application to AES

Welcome to the resource topic for 2025/1326

Title:
New Techniques for Analyzing Differentials with Application to AES

Authors: Itai Dinur

Abstract:

Differential cryptanalysis is one of the most powerful attacks on modern block ciphers. After many years of research, we have very good techniques for showing that the probability that an input difference leads to an output difference (i.e., the probability of a differential) is either significantly higher or lower than expected, and such large deviations lead to attacks.

On the other hand, modern techniques cannot estimate with high accuracy the probability of a differential that spans many rounds of the cipher. Therefore, these techniques are sufficient to argue only limited resistance against differential cryptanalysis.

In particular, for the AES, Keliher and Sui proved in 2005 that any 4-round differential has probability at most (about) $2^{-114}$, under the assumption that the round-keys are chosen independently. This establishes limited security arguments against classical differential cryptanalysis. Stronger bounds are only known when considering thousands of AES rounds, whereas at most 14 rounds are used in practice by AES-256.

In this paper, we propose new techniques for estimating the probability of a differential under the assumption that the round-keys of the cipher are chosen independently. We apply our techniques to AES, and show that the probability of every differential in 8-round AES is within an additive factor of $2^{-128} \cdot \frac{1}{50}$ from the expected value of $\frac{1}{2^{128} - 1}$.

We further apply our techniques to prove that 8-round AES is at most $2^{-18}$-close to a pairwise independent permutation, while 40-round AES is at most $2^{-135}$-close. The latter result improves upon the work of Liu, Tessaro and Vaikuntanathan [CRYPTO 2021], who proved a similar bound for 9000-round AES.

To obtain our results, we develop and adapt a variety of techniques for analyzing differentials using functional analysis. We expect these techniques to be useful for analyzing differentials in additional block ciphers besides the AES.

ePrint: https://eprint.iacr.org/2025/1326

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.