Faster Chosen-Key Distinguishers on Reduced-Round AES
In this paper, we study the AES block cipher in the chosen-key setting. In this security model, the adversary's goal is to find triplets (m, m′, k) satisfying some properties more efficiently for the AES scheme than generic attacks allow. It is a restriction of the classical chosen-key model, since the original definition allows differences in the keys. This model is related to the known-key setting, where the adversary receives a key k and tries to find a pair of messages (m, m′) that has some property more efficiently than generic attacks. Both models have been called the open-key model in the literature and are of interest for the security of AES-based hash functions.
Here, we show that in the chosen-key setting, attacking seven rounds (resp. eight rounds) of AES-128 can be done in time and memory $2^{8}$ (resp. $2^{24}$), while the generic attack would require $2^{64}$ computations, as a variant of the birthday paradox can be used to predict the generic complexity. We have checked our results experimentally and we extend them to distinguishers of AES-256.
Keywords: AES, Open-key Model, Chosen-key Distinguisher, Practical Complexities