By Topic

Dedicated linear attack on ARIA version 1.0

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

The purchase and pricing options are temporarily unavailable. Please try again later.
3 Author(s)
Shenhua Li ; Key Laboratory of Cryptologic Technology and Information Security of Ministry of Education, Shandong University, Ji'nan 250100, China ; Haina Zhang ; Xiaoyun Wang

ARIA is a new block cipher designed as the block cipher standard of South Korea. The current version is 1.0, which is an improvement of version 0.8 with the security using four kinds of S-boxes instead of two and an additional two rounds of encryptions. These improvements are designed to prevent the dedicated linear attack on ARIA version 0.8 by the four different kinds of S-boxes. This paper presents 12 linear approximations of a single round function that succeeds in attacking ARIA version 1.0 on 7, 9, or 9 rounds for key sizes of 128, 192, or 256 bits using any of these approximations. The corresponding data complexities are 2 87, 2119, and 2 119, the counting complexities are 1.5 × 288, 2119, and 2 119, the memory required for each attack on all three key versions is 2 64 bits and there are 12 weak key classes. These results are similar to the dedicated linear attack on ARIA version 0.8 and show that the improved version can also not effectively resist this type of attack.

Published in:

Tsinghua Science and Technology  (Volume:14 ,  Issue: 2 )