Improved security of Rijndael key expansion function

Symmetric block ciphers are the most widely utilized cryptographic primitives. In most block ciphers, a master key of special length is manipulated to create round subkeys. This manipulation is known as the key schedule. A strong key schedule means that a cipher will be more resistant to various forms of attacks especially in relatedkey model attacks. These days, the most common block cipher is Rijndael which adopted by the National Institute of Standards and Technology (NIST), USA in 2001 as an Advance Encryption Standard (AES). Some cryptanalysis studies have also revealed a security weakness of Rijndael such as its vulnerability to related-key differential attacks and the related-key boomerang attack. This is mainly due to the lack of nonlinearity in the key schedule of Rijndael. Constructing a key schedule that is both efficient and provably secure has been an open problem for a long time. This research presents a method to improve the key schedule of Rijndael cipher in order to make the cipher resist to related-key scenario attack in form of differential cryptanalysis attacks and boomerang attack. Two statistical tests are used: the first is a Frequency test that evaluates the bit confusion property and the second is the Strict Avalanche Criterion (SAC) test that evaluates the bit diffusion property. To evaluate the resistance of the proposed approach to the related-key differential attack and the related-key boomerang attacks, the MILP-based approach is developed. This method counts the minimum number of active S-boxes (finds the related-key differential characteristic) in a given number of rounds for byte-oriented block cipher in the related-key model. The results show that the proposed key expansion function of has excellent statistical properties and agrees with the concept of Shannon's diffusion and confusion bits. The proposed approach is also resistant against the latest related-key differential attacks and related-key boomerang attack found in the original Rijndael. Furthermore, the proposed approach has a software implementation speed approximate to the original Rijndael even in some applications where the key master frequently changes for each processed data block. These results prove that proposed approach performs better than the original Rijndael 128-bit key expansion function and that of previous research.

Preview Text FSKTM 2018 62 IR.pdf Download (1MB) | Preview

Actions (login required)

View Item