Page 79 - ISCI’2017

case where the same key is fed to the input of every round function (see Fig. 1), the cipher becomes vulnerable to a slide attack [2, 3]. The variant in which the key schedule cyclically repeats a certain set of round keys (round self-similar ciphers) is also easily reduced to this case [4].


   To confront cryptanalytic attacks on the key schedule, modern BSCs use complicated round key schedule constructions built from the cipher's own transformations. One such BSC is the US national standard FIPS-197 (AES) [8, 9], adopted in 2001. It is an international algorithm and the most prevalent one in today's security protocols. The key schedule of the BSC AES is a linear array of 4-byte words. The first elements of the array hold the master encryption key; each remaining word is determined recursively as the XOR of two earlier words (the immediately preceding word and the word $N_k$ positions back, where $N_k$ is the key length in words). For certain positions of the array additional cipher transformations are applied as well, namely the nonlinear byte substitution, a cyclic byte shift and the addition of a round constant [8, 9]. As a result, a sequence of round keys $K_1(x), K_2(x), \ldots, K_t(x)$ is formed which depends nonlinearly on the original master key $K(x)$, and this additional nonlinearity can effectively resist slide attacks on the key schedule [1].


   Related-key attacks were first proposed in [5] and further developed in [6, 7]. In particular, the first related-key cryptanalytic attack on the full-round AES-192 and AES-256 (the variants of FIPS-197 with key lengths of 192 and 256 bits) was described in [7]. It should be noted that the attacks in [7] are more efficient than exhaustive search of the master key, i.e. one can speak with certainty of an actual decrease in the resistance of the standardized cryptographic algorithm.
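The AES key expansion described above, and the way a difference between two related master keys propagates through it, can be made concrete with a short implementation. The following Python is an added example, not code from this paper, from FIPS-197 or from any library: it derives the S-box from its algebraic definition (field inverse followed by the affine map) so that no table has to be typed in, and it can be checked against the key-expansion examples in FIPS-197 Appendix A (for the 128-bit key 2b7e1516 28aed2a6 abf71588 09cf4f3c the first expanded word is a0fafe17). The function `differing_bytes` and the related key pair it is run on are constructed for this illustration only; it reports how many bytes of each round key differ between two master keys, which is the kind of structured difference propagation that related-key cryptanalysis starts from, and is not itself an attack.

```python
"""AES (FIPS-197) key expansion: added example, not the paper's own code."""


def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B          # reduce by the AES polynomial
        b >>= 1
    return result


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (a^255 = 1); maps 0 to 0 as FIPS-197 does."""
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def _build_sbox() -> list:
    """S-box = affine transform of the field inverse (FIPS-197, Section 5.1.1)."""
    sbox = []
    for a in range(256):
        x = gf_inv(a)
        s = x
        for i in range(1, 5):               # x ^ rotl(x,1) ^ ... ^ rotl(x,4)
            s ^= ((x << i) | (x >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


def sub_word(word: bytes) -> bytes:
    """Apply the S-box to each byte of a 4-byte word (SubWord)."""
    return bytes(SBOX[b] for b in word)


def rot_word(word: bytes) -> bytes:
    """Cyclic one-byte left shift of a 4-byte word (RotWord)."""
    return word[1:] + word[:1]


def expand_key(key: bytes) -> list:
    """Return the Nr + 1 round keys (16 bytes each) for a 16-, 24- or 32-byte key."""
    nk, rem = divmod(len(key), 4)
    if rem or nk not in (4, 6, 8):
        raise ValueError("AES key must be 16, 24 or 32 bytes")
    nr = nk + 6
    w = [key[4 * i:4 * i + 4] for i in range(nk)]   # master key fills w[0..nk-1]
    rcon = 0x01                                     # round constant x^(i/nk - 1)
    for i in range(nk, 4 * (nr + 1)):
        temp = w[i - 1]
        if i % nk == 0:
            # nonlinear step: RotWord, SubWord, then XOR the round constant
            temp = sub_word(rot_word(temp))
            temp = bytes([temp[0] ^ rcon]) + temp[1:]
            rcon = gf_mul(rcon, 0x02)
        elif nk > 6 and i % nk == 4:
            temp = sub_word(temp)                   # extra SubWord for AES-256
        w.append(bytes(x ^ y for x, y in zip(w[i - nk], temp)))
    return [b"".join(w[4 * r:4 * r + 4]) for r in range(nr + 1)]


def differing_bytes(key_a: bytes, key_b: bytes) -> list:
    """For two related master keys, count the bytes in which each round key differs."""
    return [sum(x != y for x, y in zip(ra, rb))
            for ra, rb in zip(expand_key(key_a), expand_key(key_b))]


if __name__ == "__main__":
    # FIPS-197 Appendix A.1 key; expected w[4..7] = a0fafe17 88542cb1 23a33939 2a6c7605
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    for rnd, rk in enumerate(expand_key(key)):
        print(f"round {rnd:2d}: {rk.hex()}")
    # constructed related key: flip one bit of the first byte of the master key
    related = bytes([key[0] ^ 0x01]) + key[1:]
    print("differing bytes per round key:", differing_bytes(key, related))
```

With a one-byte difference confined to the first word of a 128-bit master key, round key 0 differs in one byte and round key 1 in four: the nonlinear step only touches the last word of the previous round key, so the difference in w[0] is copied linearly into w[4] and then into w[5], w[6], w[7]. This is exactly the "mutual dependence" between round keys that an ideal schedule would not have.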



   Thus, attacks on the key schedule are continuously being improved, and their possible use represents a real security threat to modern information systems and technologies [1-7]. An efficient BSC must effectively resist key schedule attacks, and the key schedule construction must not contain any vulnerabilities caused by the simplicity of round key formation or by mutual dependence among the round keys [11]. In fact, we are talking about an "ideal" round key schedule, in which each element of the sequence $K_1(x), K_2(x), \ldots, K_t(x)$ is generated randomly, with uniform probability and independently of the other round keys. Only in this case can we speak with certainty of the futility of key schedule attacks, because each round of the BSC is then parameterized by a randomly chosen value and operates independently of the other iterations of the encryption scheme (see Fig. 1).


   As an example of the development of key schedule schemes we can take the algorithm "Kalyna", adopted as the national BSC standard of Ukraine [12]. It has enhanced the round key schedule
