Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting

  • Patrick Derbez
  • Pierre-Alain Fouque
  • Jérémy Jean
Conference paper

DOI: 10.1007/978-3-642-38348-9_23

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7881)
Cite this paper as:
Derbez P., Fouque PA., Jean J. (2013) Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting. In: Johansson T., Nguyen P.Q. (eds) Advances in Cryptology – EUROCRYPT 2013. EUROCRYPT 2013. Lecture Notes in Computer Science, vol 7881. Springer, Berlin, Heidelberg

Abstract

In this paper, we revisit meet-in-the-middle attacks on AES in the single-key model and improve on Dunkelman, Keller and Shamir attacks at Asiacrypt 2010. We present the best attack on 7 rounds of AES-128 where data/time/memory complexities are below $2^{100}$. Moreover, we are able to extend the number of rounds to reach attacks on 8 rounds for both AES-192 and AES-256. This gives the best attacks on those two versions with a data complexity of $2^{107}$ chosen-plaintexts, a memory complexity of $2^{96}$ and a time complexity of $2^{172}$ for AES-192 and $2^{196}$ for AES-256. Finally, we also describe the best attack on 9 rounds of AES-256 with $2^{120}$ chosen plaintexts and time and memory complexities of $2^{203}$. All these attacks have been found by carefully studying the number of reachable multisets in Dunkelman et al. attacks.


Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Patrick Derbez (1)
  • Pierre-Alain Fouque (1, 2)
  • Jérémy Jean (1)

  1. École Normale Supérieure, Paris, France
  2. Université de Rennes, France
