2024 Volume E107.A Issue 8 Pages 1212-1228
In this study, we focus on evaluating the false-positive probability of the Demirci-Selçuk meet-in-the-middle attack, particularly within the context of configuring precomputed tables with multisets. During the attack, the adversary effectively reduces the size of the key space by filtering out the wrong keys, subsequently recovering the master key from the reduced key space. The false-positive probability is defined as the probability that a wrong key will pass through the filtering process. Due to its direct impact on the post-filtering key space size, the false-positive probability is an important factor that influences the complexity and feasibility of the attack. However, despite its significance, the false-positive probability of the multiset-based Demirci-Selçuk meet-in-the-middle attack has not been thoroughly discussed, to the best of our knowledge. We generalize the Demirci-Selçuk meet-in-the-middle attack and present a sophisticated method for accurately calculating the false-positive probability. We validate our methodology through toy experiments, demonstrating its high precision. Additionally, we propose a method to optimize an attack by determining the optimal format of precomputed data, which requires the precise false-positive probability. Applying our approach to previous attacks on AES and ARIA, we have achieved modest improvements. Specifically, we enhance the memory complexity and time complexity of the offline phase of previous attacks on 7-round AES-128/192/256, 7-round ARIA-192/256, and 8-round ARIA-256 by factors ranging from $2^{0.56}$ to $2^{3}$. Additionally, we have improved the overall time complexity of attacks on 7-round ARIA-192/256 by factors of $2^{0.13}$ and $2^{0.42}$, respectively.