Paper 2012/477

Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting

Patrick Derbez, Pierre-Alain Fouque, and Jérémy Jean

Abstract

In this paper, we revisit meet-in-the-middle attacks on AES in the single-key model and improve on Dunkelman, Keller and Shamir attacks of Asiacrypt 2010. We present the best attack on 7 rounds of AES-128 where data/time/memory complexities are below $2^{100}$. Moreover, we are able to extend the number of rounds to reach attacks on 8 rounds for both AES-192 and AES-256. This gives the best attacks on those two versions with a data complexity of $2^{107}$ chosen-plaintexts, a memory complexity of $2^{96}$ and a time complexity of $2^{172}$ for AES-192 and $2^{196}$ for AES-256. Finally, we also describe the best attack on 9 rounds of AES-256 with $2^{120}$ chosen-plaintexts and time and memory complexities of $2^{203}$. All these attacks have been found by carefully studying the number of reachable multisets in Dunkelman et al. attacks.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
AESCryptanalysis
Contact author(s)
Jeremy Jean @ ens fr
History
2012-08-21: received
Short URL
https://ia.cr/2012/477
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/477,
      author = {Patrick Derbez and Pierre-Alain Fouque and Jérémy Jean},
      title = {Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting},
      howpublished = {Cryptology ePrint Archive, Paper 2012/477},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/477}},
      url = {https://eprint.iacr.org/2012/477}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.