Related-Key Cryptanalysis of the Full AES-192 and AES-256
- Cite this paper as:
- Biryukov A., Khovratovich D. (2009) Related-Key Cryptanalysis of the Full AES-192 and AES-256. In: Matsui M. (eds) Advances in Cryptology – ASIACRYPT 2009. ASIACRYPT 2009. Lecture Notes in Computer Science, vol 5912. Springer, Berlin, Heidelberg
In this paper we present two related-key attacks on the full AES. For AES-256 we show the first key recovery attack that works for all the keys and has 299.5 time and data complexity, while the recent attack by Biryukov-Khovratovich-Nikolić works for a weak key class and has much higher complexity. The second attack is the first cryptanalysis of the full AES-192. Both our attacks are boomerang attacks, which are based on the recent idea of finding local collisions in block ciphers and enhanced with the boomerang switching techniques to gain free rounds in the middle.
The extended version of this paper is available at http://eprint.iacr.org/2009/317.pdf.