Human-readable Proof of the Related-Key Security of AES-128

Authors

  • Khoongming Khoo Defence Science Organisation (DSO) National Laboratories, Singapore, Singapore
  • Eugene Lee Raffles Institution, Singapore, Singapore
  • Thomas Peyrin School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore, Singapore ; School of Computer Science and Engineering, Nanyang Technological University, Singapore, Singapore; Temasek Laboratories, Nanyang Technological University, Singapore, Singapore
  • Siang Meng Sim School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore

DOI:

https://doi.org/10.13154/tosc.v2017.i2.59-83

Keywords:

AES, related-key differential attack, security proof, key schedule

Abstract

The related-key model is now considered an important scenario for block cipher security and many schemes were broken in this model, even AES-192 and AES-256. Recently were introduced efficient computer-based search tools that can produce the best possible related-key truncated differential paths for AES. However, one has to trust the implementation of these tools and they do not provide any meaningful information on how to design a good key schedule, which remains a challenge for the community as of today. We provide in this article the first human-readable proof on the minimal number of active Sboxes in the related-key model for AES-128, without any help from a computer. More precisely, we show that any related-key differential path for AES-128 will respectively contain at least 0, 1, 3 and 9 active Sboxes for 1, 2, 3 and 4 rounds. Our proof is tight, not trivial, and actually exhibits for the first time the interplay between the key state and the internal state of an AES-like block cipher with an AES-like key schedule. As application example, we leverage our proofs to propose a new key schedule, that is not only faster (a simple permutation on the byte positions) but also ensures a higher number of active Sboxes than AES-128’s key schedule. We believe this is an important step towards a good understanding of efficient and secure key schedule designs.

Published

2017-06-19

Issue

Section

Articles

How to Cite

Human-readable Proof of the Related-Key Security of AES-128. (2017). IACR Transactions on Symmetric Cryptology, 2017(2), 59-83. https://doi.org/10.13154/tosc.v2017.i2.59-83