Paper 2015/144
Security of the AES with a Secret S-box
Tyge Tiessen, Lars R. Knudsen, Stefan Kölbl, and Martin M. Lauridsen
Abstract
How does the security of the AES change when the S-box is replaced
by a secret S-box, about which the adversary has no knowledge? Would it be safe to reduce the number of encryption rounds?
In this paper, we demonstrate attacks based on integral cryptanalysis
which allows to recover both the secret key and the secret S-box for respectively four, five,
and six rounds of the AES. Despite the significantly larger amount of secret information which an
adversary needs to recover, the attacks are very efficient with
time/data complexities of
Note: Added acknowledgements.
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- Published by the IACR in FSE 2015
- Keywords
- AESintegral cryptanalysissecret S-box
- Contact author(s)
- tyti @ dtu dk
- History
- 2015-03-02: revised
- 2015-02-27: received
- See all versions
- Short URL
- https://ia.cr/2015/144
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2015/144, author = {Tyge Tiessen and Lars R. Knudsen and Stefan Kölbl and Martin M. Lauridsen}, title = {Security of the {AES} with a Secret S-box}, howpublished = {Cryptology {ePrint} Archive, Paper 2015/144}, year = {2015}, url = {https://eprint.iacr.org/2015/144} }