Zero-Correlation Linear Cryptanalysis of Reduced Round ARIA with Partial-sum and FFT

TL;DR

This paper presents the first zero-correlation linear cryptanalysis of reduced-round ARIA, utilizing Partial-sum and FFT techniques to efficiently recover keys on 6 and 7-round versions, revealing new vulnerabilities.

Contribution

It introduces the first zero-correlation linear cryptanalysis results on ARIA and applies Partial-sum and FFT techniques to improve attack efficiency.

Findings

Successfully attacked 6-round ARIA-128/256 with key-recovery attacks.

Extended attacks to 7-round ARIA-256 using Partial-sum and FFT techniques.

Provided concrete data complexities for each attack, demonstrating feasibility.

Abstract

Block cipher ARIA was first proposed by some South Korean experts in 2003, and later, it was established as a Korean Standard block cipher algorithm by Korean Agency for Technology and Standards. In this paper, we focus on the security evaluation of ARIA block cipher against the recent zero-correlation linear cryptanalysis. In addition, Partial-sum technique and FFT (Fast Fourier Transform) technique are used to speed up the cryptanalysis, respectively. We first introduce some 4-round linear approximations of ARIA with zero-correlation, and then present some key-recovery attacks on 6/7-round ARIA-128/256 with Partial-sum technique and FFT technique.The key-recovery attack with Partial-sum technique on 6-round ARIA-128 needs 2^{123.6}known plaintexts (KPs), 2^{121} encryptions and 2^{90.3} bytes memory, and the attack with FFT technique requires 2^{124.1} KPs, 2^{121.5} encryptions and 2^{90.3}bytes memory. Moreover, applying Partial-sum technique, we can attack 7-round ARIA-256 with 2^{124.6} KPs, 2^{203.5} encryptions and 2^{152} bytes and 7-round ARIA-256 employing FFT technique, requires 2^{124.7} KPs, 2^{209.5} encryptions and 2^{152} bytes. Our results are the first zero-correlation linear cryptanalysis results on ARIA.