CSCI 7000 - Crypto Seminar - Spring 2003

Assignment #4

Due: Apr 8th, 2003 at 11am MDT

1. While discussing the Square attack on 4-round Rijndael, I claimed that if a particular column in a Lambda-set had exactly 1 active cell, then after the application of MixColumn, the entire column would become active. Please prove this.

2. On the survey, several people wanted some programming work assigned as long as it wasn't TOO MUCH programming. So here is some programming work for you to do.

Please implement the 4-round attack against Rijndael.

First, download the Rijndael source to your computer and unzip it and build it (for Unix, just run make; you might have to add the line CC=gcc if the cc compiler does not exist on your machine). Then download a program I wrote 4rnds.c and build it. For unix

  % gcc rijndael-alg-fst.o 4rnds.c
and your executable is a.out. If you examine the source to 4rnds.c, you'll see that I have the number of rounds (AES_ROUNDS) set to 4, and the key is set to all 0's. Run a.out and make sure you get the same output as what I got.

If you get something else, don't continue! You need to get this right before proceeding!

Ok, now here's your goal: I ran this same program, 4rnds.c, with a different key which I'm not telling you, but the same plaintexts (which happen to be very nice for the Square attack, as you can see from the source code). Under this secret key, I got 256 ciphertexts which you now will use to mount the attack.

The answer to this problem is the value of that secret key. This means you'll have to study the key schedule, but that's not too hard. Along with your answer, please provide the well-documented source code you used to crack this cipher.

As has been pointed out, you probably will get several candidate keys. You can narrow these down by trying each of them on the following plaintext/ciphertext pair (which uses the same secret key you are looking for). If there is still more than one candidate key which works, please hand in all that you found.

pt: 0102030405060708090a0b0c0d0e0f00
ct: 71fae486fafc990d4a44a21a7fac6b75