Paper 2016/025

Human-readable Proof of the Related-Key Security of AES-128

Khoongming Khoo, Eugene Lee, Thomas Peyrin, and Siang Meng Sim

Abstract

The related-key model is now considered an important scenario for block cipher security and many schemes were broken in this model, even AES-192 and AES-256. Recently were introduced efficient computer-based search tools that can produce the best possible related-key truncated differential paths for AES. However, one has to trust the implementation of these tools and they do not provide any meaningful information on how to design a good key schedule, which remains a challenge for the community as of today. We provide in this article the first human-readable proof on the minimal number of active Sboxes in the related-key model for AES-128, without any help from a computer. More precisely, we show that any related-key differential paths for AES-128 will respectively contain at least 0, 1, 3 and 9 active Sboxes for 1, 2, 3 and 4 rounds. Our proof is tight, not trivial, and actually exhibits for the first time the interplay between the key state and the internal state of an AES-like block cipher with an AES-like key schedule. As application example, we leverage our proofs to propose a new key schedule, that is not only faster (a simple permutation on the byte positions) but also ensures a higher number of active Sboxes than AES-128's key schedule. We believe this is an important step towards a good understanding of efficient and secure key schedule designs.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in FSE 2018
Keywords
AESrelated-key differential attacksecurity proofkey schedule
Contact author(s)
ssim011 @ e ntu edu sg
History
2017-05-12: revised
2016-01-12: received
See all versions
Short URL
https://ia.cr/2016/025
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/025,
      author = {Khoongming Khoo and Eugene Lee and Thomas Peyrin and Siang Meng Sim},
      title = {Human-readable Proof of the Related-Key Security of AES-128},
      howpublished = {Cryptology ePrint Archive, Paper 2016/025},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/025}},
      url = {https://eprint.iacr.org/2016/025}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.