IET Information Security (Jan 2022)
New attacks against reduced Rijndael‐160
Abstract
Abstract The first 9‐round meet‐in‐the‐middle (MITM) attack and improved 8‐round impossible differential (ID) attacks on Rijndael‐160 are studied here. For the first 9‐round MITM attack, a new effective attack path is explored by using the generalised δ‐set and the generalised multiset, which are based on the property that the difference branch number of MixColumns is 5. With this attack path, a 5‐round MITM distinguisher with a technique of the truncated differential characteristic is proposed, and then the attack on 9‐round Rijndael‐160 is performed. For the improved 8‐round ID attacks, to take advantage of the key‐schedule weaknesses for Rijndael‐160 under key sizes of 160 and 256 bits, some new attack paths are found. With these attack paths, the 5‐round IDs are proposed based on the property of MixColumns above, and then the attacks on the 8‐round Rijndael‐160 under key sizes of 160 and 256 bits are performed. When compared with the currently known attacks, the proposed attacks have lower data, time, and memory complexities.
Keywords