Abstract
This paper presents the first security evaluation of the Rijndael cipher with block sizes larger than 128 bits. We describe new higher-order multiset distinguishers for such large-block instances of Rijndael. Both Rijndael and the AES were designed to resist differential and linear cryptanalysis, which is indicated by the number of active S-boxes (minimum of 25 for 4-round AES) for the best differential and linear distinguishers, for which the probability and correlation values are estimated as 2-150 and 2-75. All of these Rijndael variants have been formally defined by their designers as extensions of the AES. We describe new 5-round distinguishers for Rijndael with 160 up to 256-bit blocks, all holding with certainty, and with many more than 25 active S-boxes.
Original language | English |
---|---|
Title of host publication | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
Pages | 277-295 |
Number of pages | 19 |
DOIs | |
Publication status | Published - 2005 |
Externally published | Yes |
Event | International Conference on Cryptology in Malaysia on Progress in Cryptology 2005 - Kuala Lumpur, Malaysia Duration: 28 Sept 2005 → 30 Sept 2005 Conference number: 1st https://link.springer.com/book/10.1007/11554868 (Proceedings) |
Conference
Conference | International Conference on Cryptology in Malaysia on Progress in Cryptology 2005 |
---|---|
Abbreviated title | Mycrypt 2005 |
Country/Territory | Malaysia |
City | Kuala Lumpur |
Period | 28/09/05 → 30/09/05 |
Internet address |
|
Keywords
- Cryptanalysis
- Higher-order multiset attacks
- Rijndael