Improved key recovery attacks on reduced-round AES in the single-key setting. (English) Zbl 1306.94044

Johansson, Thomas (ed.) et al., Advances in cryptology – EUROCRYPT 2013. 32nd annual international conference on the theory and applications of cryptographic techniques, Athens, Greece, May 26–30, 2013. Proceedings. Berlin: Springer (ISBN 978-3-642-38347-2/pbk). Lecture Notes in Computer Science 7881, 371-387 (2013).
Summary: In this paper, we revisit meet-in-the-middle attacks on AES in the single-key model and improve on the attacks of O. Dunkelman, N. Keller and A. Shamir at Asiacrypt 2010 [Lect. Notes Comput. Sci. 6477, 158–176 (2010; Zbl 1253.94045)]. We present the best attack on 7 rounds of AES-128 where the data, time and memory complexities are all below \(2^{100}\). Moreover, we are able to extend the number of rounds to reach attacks on 8 rounds for both AES-192 and AES-256. This gives the best attacks on those two versions, with a data complexity of \(2^{107}\) chosen plaintexts, a memory complexity of \(2^{96}\) and a time complexity of \(2^{172}\) for AES-192 and \(2^{196}\) for AES-256. Finally, we also describe the best attack on 9 rounds of AES-256, with \(2^{120}\) chosen plaintexts and time and memory complexities of \(2^{203}\). All these attacks have been found by carefully studying the number of reachable multisets in the attacks of Dunkelman et al.
For the entire collection see [Zbl 1263.94005].


94A60 Cryptography


Zbl 1253.94045