New multiset attacks on Rijndael with large blocks

Jorge Nakahara, Daniel Santana De Freitas, Raphael C.W. Phan

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

25 Citations (Scopus)

Abstract

This paper presents the first security evaluation of the Rijndael cipher with block sizes larger than 128 bits. We describe new higher-order multiset distinguishers for such large-block instances of Rijndael. Both Rijndael and the AES were designed to resist differential and linear cryptanalysis, which is indicated by the number of active S-boxes (minimum of 25 for 4-round AES) for the best differential and linear distinguishers, for which the probability and correlation values are estimated as 2-150 and 2-75. All of these Rijndael variants have been formally defined by their designers as extensions of the AES. We describe new 5-round distinguishers for Rijndael with 160 up to 256-bit blocks, all holding with certainty, and with many more than 25 active S-boxes.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages277-295
Number of pages19
DOIs
Publication statusPublished - 2005
Externally publishedYes
EventInternational Conference on Cryptology in Malaysia on Progress in Cryptology 2005 - Kuala Lumpur, Malaysia
Duration: 28 Sept 200530 Sept 2005
Conference number: 1st
https://link.springer.com/book/10.1007/11554868 (Proceedings)

Conference

ConferenceInternational Conference on Cryptology in Malaysia on Progress in Cryptology 2005
Abbreviated titleMycrypt 2005
Country/TerritoryMalaysia
CityKuala Lumpur
Period28/09/0530/09/05
Internet address

Keywords

  • Cryptanalysis
  • Higher-order multiset attacks
  • Rijndael

Cite this