Results 1 - 10 of 22
Essential algebraic structure within the AES
, 2002
Cited by 72 (7 self)
Abstract. One difficulty in the cryptanalysis of the Advanced Encryption Standard AES is the tension between operations in the two fields GF(2^8) and GF(2). This paper outlines a new approach that avoids this conflict. We define a new block cipher, the BES, that uses only simple algebraic operations in GF(2^8). Yet the AES can be regarded as being identical to the BES with a restricted message space and key space, thus enabling the AES to be realised solely using simple algebraic operations in one field GF(2^8). This permits the exploration of the AES within a broad and rich setting. One consequence is that AES encryption can be described by an extremely sparse overdetermined multivariate quadratic system over GF(2^8), whose solution would recover an AES key.
Improved Impossible Differential Cryptanalysis of Rijndael and Crypton
, 2001
Cited by 18 (0 self)
Impossible differential attacks against Rijndael and Crypton have been proposed up to 5-round. In this paper we expand the impossible differential attacks to 6-round. Although we use the same 4-round impossible differential as in five round attacks, we put this impossible differential in the middle of 6-round. That is, we will consider one round before the impossible differential and one more round after. The complexity of the proposed attack is bigger than that of the Square attack, but still less than that of the exhaustive search.
Report on the development of the advanced encryption standard (AES)
, 2000
Cited by 14 (0 self)
In 1997, the National Institute of Standards and Technology (NIST) initiated a process to select a symmetric-key encryption algorithm to be used to protect sensitive (unclassified) Federal information in furtherance of NIST’s statutory responsibilities. In 1998, NIST announced the acceptance of fifteen candidate algorithms and requested the assistance of the cryptographic research community in analyzing the candidates. This analysis included an initial examination of the security and efficiency characteristics for each algorithm. NIST reviewed the results of this preliminary research and selected MARS, RC6™, Rijndael, Serpent and Twofish as finalists. Having reviewed further public analysis of the finalists, NIST has decided to propose Rijndael as the Advanced Encryption Standard (AES). The research results and rationale for this selection are documented in this report.
Related-Key Rectangle Attacks on Reduced AES-192 and AES-256
 Proceedings of Fast Software Encryption (FSE ’07), Lecture Notes in Computer Science
, 2007
Cited by 11 (1 self)
Abstract. This paper examines the security of AES-192 and AES-256 against a related-key rectangle attack. We find the following new attacks: 8-round reduced AES-192 with 2 related keys, 10-round reduced AES-192 with 64 or 256 related keys and 9-round reduced AES-256 with 4 related keys. Our attacks reduce the complexity of earlier attacks presented at FSE 2005 and Eurocrypt 2005: for reduced AES-192 with 8 rounds, we decrease the required number of related keys from 4 to 2 at the cost of a higher data and time complexity; we present the first shortcut attack on AES-192 reduced to 10 rounds; for reduced AES-256 with 9 rounds, we decrease the required number of related keys from 256 to 4 and both the data and time complexity at the cost of a smaller number of attacked rounds. Furthermore, we point out some flaw in the 9-round AES-192 attack presented at Eurocrypt 2005, show how to fix it and enhance the attack in terms of the number of related keys.
On the security of Camellia against the square attack
 in Proceedings of Fast Software Encryption – FSE’02
, 2002
Cited by 9 (0 self)
Abstract. Camellia is a 128 bit block cipher proposed by NTT and Mitsubishi. We discuss the security of Camellia against the square attack. We find a 4 round distinguisher and construct a basic square attack. We can attack 5 round Camellia by guessing one byte subkey and using 2^16 chosen plaintexts. Considering the key schedule, we may extend this attack up to 9 round Camellia including the first FL/FL^-1 function layer.
A Meet-in-the-Middle Attack on 8-Round AES
Cited by 8 (0 self)
Abstract. We present a 5-round distinguisher for AES. We exploit this distinguisher to develop a meet-in-the-middle attack on 7 rounds of AES-192 and 8 rounds of AES-256. We also give a time-memory tradeoff generalization of the basic attack which gives a better balancing between different costs of the attack. As an additional note, we state a new square-like property of the AES algorithm.
Energy efficient security framework for wireless local area networks
, 2000
Cited by 3 (0 self)
This dissertation was presented by Phongsak Kiratiwintakorn It was defended on
The Effects of the Omission of Last Round’s MixColumns on AES
Cited by 2 (0 self)
Abstract. The Advanced Encryption Standard (AES) is the most widely deployed block cipher. It follows the modern iterated block cipher approach, iterating a simple round function multiple times. The last round of AES slightly differs from the others, as a linear mixing operation (called MixColumns) is omitted from it. Following a statement of the designers, it is widely believed that the omission of the last round MixColumns has no security implications. As a result, the majority of attacks on reduced-round variants of AES assume that the last round of the reduced-round version is free of the MixColumns operation. In this note we refute this belief, showing that the omission of MixColumns does affect the security of (reduced-round) AES. First, we consider a simple example of 1-round AES, where we show that the omission reduces the time complexity of an attack with a single known plaintext from 2^48 to 2^16. Then, we examine several previously known attacks on 7-round AES-192 and show that the omission reduces their time complexities by a factor of 2^16.
Energy Efficient Wireless Encryption
Cited by 2 (1 self)
Abstract — The current encryption standard for wireless networks recommends using the AES cipher in the counter (CTR) mode for confidentiality and the cipher block chaining (CBC) mode for authentication. In the counter mode, a 128 bit counter is encrypted using the AES into 128 bit keystream which is then XORed with 128 bits of plaintext before transmission. This operation is repeated for the entire frame and results in heavy energy consumption for larger frames. In this paper, we propose a novel cipher called High Diffusion (HD) cipher that securely expands a given 128 bit counter value to a larger 288 bit keystream during encryption, thus reducing the number of encryptions per frame compared to the AES. We show that the HD cipher is as secure as the AES under differential, linear cryptanalysis and Square attack. Using an experimental set up consisting of a laptop with 1.8 GHz Pentium 4 processor and an Intrinsyc CerfCube with 233 MHz ARM processor we measure the energy consumption of both the AES and the HD cipher encryption operation. We observe that using HD cipher instead of AES for encryption will result in about 40% saving in energy consumption on both the laptop and the CerfCube. When HD cipher is used instead of AES in the CCMP, we observe that energy efficiency due to HD cipher is significant for larger frame lengths.