[Resource Topic] 2025/462: Practical Key Collision on AES and Kiasu-BC

Welcome to the resource topic for 2025/462

Title:
Practical Key Collision on AES and Kiasu-BC

Authors: Jianqiang Ni, Yingxin Li, Fukang Liu, Gaoli Wang

The key collision attack was proposed as an open problem in key-committing security in Authenticated Encryption (AE) schemes like \texttt{AES-GCM} and \texttt{ChaCha20Poly1305}. In ASIACRYPT 2024, Taiyama et al. introduce a novel type of key collision—target-plaintext key collision (\texttt{TPKC}) for \texttt{AES}. Depending on whether the plaintext is fixed, \texttt{TPKC} can be divided into \texttt{fixed-TPKC} and \texttt{free-TPKC}, which can be directly converted into collision attacks and semi-free-start collision attacks on the Davies-Meyer (\texttt{DM}) hashing mode.
In this paper, we propose a new rebound attack framework leveraging a time-memory tradeoff strategy, enabling practical key collision attacks with optimized complexity. We also present an improved automatic method for finding \textit{rebound-friendly} differential characteristics by controlling the probabilities in the inbound and outbound phases, allowing the identified characteristics to be directly used in \textit{rebound-based} key collision attacks. Through our analysis, we demonstrate that the 2-round \texttt{AES-128} \texttt{fixed-TPKC} attack proposed by Taiyama et al. is a \texttt{free-TPKC} attack in fact, while \texttt{fixed-TPKC} attacks are considerably more challenging than \texttt{free-TPKC} attacks. By integrating our improved automatic method with a new rebound attack framework, we successfully identify a new differential characteristic for the 2-round \texttt{AES-128} \texttt{fixed-TPKC} attack and develope the first practical \texttt{fixed-TPKC} attack against 2-round \texttt{AES-128}. Additionally, we present practical \texttt{fixed-TPKC} attacks against 5-round \texttt{AES-192} and 3-round \texttt{Kiasu-BC}, along with a practical \texttt{free-TPKC} attack against 6-round \texttt{Kiasu-BC}. Furthermore, we reduce time complexities for \texttt{free-TPKC} and \texttt{fixed-TPKC} attacks on other \texttt{AES} variants.

ePrint: https://eprint.iacr.org/2025/462

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .