Cryptanalysis of AES-PRF and its dual
A dedicated pseudorandom function (PRF) called AES-PRF was proposed by Mennink and Neves at FSE 2018 (ToSC 2017, Issue 3). AES-PRF is obtained from AES by using the output of the 5-th round as the feed-forward to the output state. This paper presents extensive security analysis of AES-PRF and its va...
Saved in:
Main Authors: | Todo, Yosuke; Sun, Siwei; Iwata, Tetsu; Derbez, Patrick; Sun, Ling; Wang, Meiqin; Wang, Haoyang |
---|---|
Other Authors: | School of Physical and Mathematical Sciences |
Format: | Article |
Language: | English |
Published: | 2019 |
Subjects: | AES-PRF; Dual-AES-PRF; DRNTU::Science::Mathematics |
Online Access: | https://hdl.handle.net/10356/104039 http://hdl.handle.net/10220/49461 |
Institution: | Nanyang Technological University |
Citation: | Derbez, P., Iwata, T., Sun, L., Sun, S., Todo, Y., Wang, H., & Wang, M. (2018). Cryptanalysis of AES-PRF and its dual. IACR Transactions on Symmetric Cryptology, 2018(2), 161-191. doi:10.13154/tosc.v2018.i2.161-191 |
DOI: | 10.13154/tosc.v2018.i2.161-191 |
Description: | A dedicated pseudorandom function (PRF) called AES-PRF was proposed by Mennink and Neves at FSE 2018 (ToSC 2017, Issue 3). AES-PRF is obtained from AES by using the output of the 5-th round as the feed-forward to the output state. This paper presents extensive security analysis of AES-PRF and its variants. Specifically, we consider unbalanced variants where the output of the s-th round is used as the feed-forward. We also analyze the security of “dual” constructions of the unbalanced variants, where the input state is used as the feed-forward to the output of the s-th round. We apply an impossible differential attack, zero-correlation linear attack, traditional differential attack, zero correlation linear distinguishing attack and a meet-in-the-middle attack on these PRFs and reduced round versions. We show that AES-PRF is broken whenever s ≤ 2 or s ≥ 6, or reduced to 7 rounds, and Dual-AES-PRF is broken whenever s ≤ 4 or s ≥ 8. Our results on AES-PRF improve the initial security evaluation by the designers in various ways, and our results on Dual-AES-PRF give the first insight to its security. |
Rights: | © 2018 The Author(s). All rights reserved. This paper was published by Ruhr University Bochum in IACR Transactions on Symmetric Cryptology and is made available with permission of The Author(s). |
Extent: | 31 p. (application/pdf) |
Record: | sg-ntu-dr.10356-104039 (DR-NTU collection, NTU Library; published version added 2019-07-24, last updated 2023-02-28) |