Improving the Biclique Cryptanalysis of AES

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9144)


The biclique attack is currently the only key-recovery attack on the full AES with a single key. Bogdanov et al. applied it to all three versions of AES by constructing bicliques of size \(2^8\times 2^8\) and reducing the number of S-boxes computed in the matching phase. Their results were later improved by better selections of differential characteristics in the biclique construction. In this paper, we improve the biclique attack by increasing the biclique size to \(2^{16}\times 2^8\) and \(2^{16}\times 2^{16}\). We have a biclique attack on each of the following AES versions:
  • AES-128 with time complexity \(2^{126.13}\) and data complexity \(2^{56}\),

  • AES-128 with time complexity \(2^{126.01}\) and data complexity \(2^{72}\),

  • AES-192 with time complexity \(2^{189.91}\) and data complexity \(2^{48}\), and

  • AES-256 with time complexity \(2^{254.27}\) and data complexity \(2^{40}\).

Our results have the best time complexities among all the existing key-recovery attacks with data less than the entire code book.


Keywords: AES, Biclique attack, Large biclique





Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Nanyang Technological University, Singapore, Republic of Singapore
