Sciweavers

IACR
2016

Human-readable Proof of the Related-Key Security of AES-128

8 years 7 months ago
Human-readable Proof of the Related-Key Security of AES-128
Abstract. The related-key model is now considered an important scenario for block cipher security and many schemes were broken in this model, even AES-192 and AES-256. Recently were introduced ecient computer-based search tools that can produce the best possible relatedkey truncated dierential paths for AES. However, one has to trust the implementation of these tools and they do not provide any meaningful information on how to design a good key schedule, which remains a challenge for the community as of today. We provide in this article the rst human-readable proof on the minimal number of active Sboxes in the related-key model for AES-128, without any help from a computer. More precisely, we show that any related-key dierential paths for AES-128 will respectively contain at least 0, 1, 3 and 9 active Sboxes for 1, 2, 3 and 4 rounds. Our proof is tight, not trivial, and actually exhibits for the rst time the interplay between the key state and the internal state of an AES-like blo...
Khoongming Khoo, Eugene Lee, Thomas Peyrin, Siang
Added 03 Apr 2016
Updated 03 Apr 2016
Type Journal
Year 2016
Where IACR
Authors Khoongming Khoo, Eugene Lee, Thomas Peyrin, Siang Meng Sim
Comments (0)