A 128-bit plaintext is XORed with the 128-bit round subkey in AddRoundKey of an encryption.
If a particular device subkey is exported as a text file then we can get the last connection time of the USB device.
The grouped transformations (in NormalRound and Subkey Round) run in an interactive way through the AddRoundKey unit.
It presents the histories, types, and topologies of data-driven boxes, classification of the controlled elements, and fast software-oriented encryption algorithms using the data-driven subkey section as a main primitive.
Whenever this subkey mixing does not naturally occur as the initial step of the first round or the final step of the last round, the finalists specify the subkey mixing as an extra step called pre- or post-whitening.
As for the DFA on the available block ciphers, the last subkey should be recovered at first by differential analysis.
A study has been made and the result shows that, among the AES candidates, the Rijndael key schedule falls into a category in which knowledge of a round subkey yields bits of other round subkeys or the master key after some simple arithmetic operations or function inversions.
First of all, let us calculate the complexities to recover the subkey
By differential analysis, the last subkey could be recovered.
: All the possible subkey values form a set k with size K.
bytes that have to be guessed in each step are shown in the third column.
Compared with traditional differential cryptanalysis, IDC considers the differential characteristics with probability 0: when a pair of plaintexts satisfies the input difference of the characteristics, the difference of ciphertexts decrypted by the right subkey never satisfies the output difference of the characteristics.