I am reading the "Biclique cryptanalysis of the full AES" paper. What do they mean by "sharing active S-boxes"? How can this concept can be advantageous to make a bicycle? If there is someone who reads this paper, please explain it to me.
Asked
Active
Viewed 191 times
1 Answers
6
We talk about cryptanalytic tools here. A differential trail describes how a certain difference evolutes throughout the cipher, which helps to find out a key in a standard differential cryptanalysis. Each trail activates certain non-linear operations (S-boxes), which contribute to its probability (a difference goes through a nonlinear operation probabilistically).
The biclique key search method works with a pair of such trails in a small part of the cipher. For the method to work, these trails must activate non-interleaving groups of S-boxes, otherwise more sophisticated conditions come into play.
Dmitry Khovratovich
- 5,737
- 23
- 25