Paper 2010/322

Improved Single-Key Attacks on 8-round AES

Orr Dunkelman, Nathan Keller, and Adi Shamir


AES is the most widely used block cipher today, and its security is one of the most important issues in cryptanalysis. After 13 years of analysis, related-key attacks were recently found against two of its flavors (AES-192 and AES-256). However, such a strong type of attack is not universally accepted as a valid attack model, and in the more standard single-key attack model at most 8 rounds of these two versions can be currently attacked. In the case of 8-round AES-192, the only known attack (found 10 years ago) is extremely marginal, requiring the evaluation of essentially all the 2^{128} possible plaintext/ciphertext pairs in order to speed up exhaustive key search by a factor of 16. In this paper we introduce three new cryptanalytic techniques, and use them to get the first non-marginal attack on 8-round AES-192 (making its time complexity about a million times faster than exhaustive search, and reducing its data complexity to about 1/32,000 of the full codebook). In addition, our new techniques can reduce the best known time complexities for all the other combinations of 7-round and 8-round AES-192 and AES-256.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
AEScryptanalysissingle-key attacksmultiset tabulationdifferential enumerationkey bridging
Contact author(s)
orr dunkelman @ weizmann ac il
2011-04-29: revised
2010-05-31: received
See all versions
Short URL
Creative Commons Attribution


      author = {Orr Dunkelman and Nathan Keller and Adi Shamir},
      title = {Improved Single-Key Attacks on 8-round AES},
      howpublished = {Cryptology ePrint Archive, Paper 2010/322},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.