## Improved key recovery attacks on reduced-round AES in the single-key setting.(English)Zbl 1306.94044

Johansson, Thomas (ed.) et al., Advances in cryptology – EUROCRYPT 2013. 32nd annual international conference on the theory and applications of cryptographic techniques, Athens, Greece, May 26–30, 2013. Proceedings. Berlin: Springer (ISBN 978-3-642-38347-2/pbk). Lecture Notes in Computer Science 7881, 371-387 (2013).
Summary: In this paper, we revisit meet-in-the-middle attacks on AES in the single-key model and improve on O. Dunkelman, N. Keller and A. Shamir attacks at Asiacrypt 2010 [Lect. Notes Comput. Sci. 6477, 158–176 (2010; Zbl 1253.94045)]. We present the best attack on 7 rounds of AES-128 where data/time/memory complexities are below $$2^{100}$$. Moreover, we are able to extend the number of rounds to reach attacks on 8 rounds for both AES-192 and AES-256. This gives the best attacks on those two versions with a data complexity of $$2^{107}$$ chosen-plaintexts, a memory complexity of $$2^{96}$$ and a time complexity of $$2^{172}$$ for AES-192 and $$2^{196}$$ for AES-256. Finally, we also describe the best attack on 9 rounds of AES-256 with $$2^{120}$$ chosen plaintexts and time and memory complexities of $$2^{203}$$. All these attacks have been found by carefully studying the number of reachable multisets in Dunkelman et al. attacks.
For the entire collection see [Zbl 1263.94005].

### MSC:

 94A60 Cryptography

Zbl 1253.94045
Full Text: