Improved Single-Key Attacks on 8-Round AES-192 and AES-256

  • Orr Dunkelman
  • Nathan Keller
  • Adi Shamir
Conference paper

DOI: 10.1007/978-3-642-17373-8_10

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6477)
Cite this paper as:
Dunkelman O., Keller N., Shamir A. (2010) Improved Single-Key Attacks on 8-Round AES-192 and AES-256. In: Abe M. (eds) Advances in Cryptology - ASIACRYPT 2010. ASIACRYPT 2010. Lecture Notes in Computer Science, vol 6477. Springer, Berlin, Heidelberg

Abstract

AES is the most widely used block cipher today, and its security is one of the most important issues in cryptanalysis. After 13 years of analysis, related-key attacks were recently found against two of its flavors (AES-192 and AES-256). However, such a strong type of attack is not universally accepted as a valid attack model, and in the more standard single-key attack model at most 8 rounds of these two versions can be currently attacked. In the case of 8-round AES-192, the only known attack (found 10 years ago) is extremely marginal, requiring the evaluation of essentially all the 2128 possible plaintext/ciphertext pairs in order to speed up exhaustive key search by a factor of 16. In this paper we introduce three new cryptanalytic techniques, and use them to get the first non-marginal attack on 8-round AES-192 (making its time complexity about a million times faster than exhaustive search, and reducing its data complexity to about 1/32,000 of the full codebook). In addition, our new techniques can reduce the best known time complexities for all the other combinations of 7-round and 8-round AES-192 and AES-256.

Copyright information

© International Association for Cryptologic Research 2010

Authors and Affiliations

  • Orr Dunkelman
    • 1
  • Nathan Keller
    • 1
  • Adi Shamir
    • 1
  1. 1.Faculty of Mathematics and Computer ScienceWeizmann Institute of ScienceRehovotIsrael

Personalised recommendations