Paper 2010/633

Low Data Complexity Attacks on AES

Charles Bouillaguet, Patrick Derbez, Orr Dunkelman, Nathan Keller, Vincent Rijmen, and Pierre-Alain Fouque


The majority of current attacks on reduced-round variants of block ciphers seeks to maximize the number of rounds that can be broken, using less data than the entire codebook and less time than exhaustive key search. In this paper, we pursue a different approach, restricting the data available to the adversary to a few plaintext/ciphertext pairs. We show that consideration of such attacks (which received little attention in recent years) serves an important role in assessing the security of block ciphers and of other cryptographic primitives based on block ciphers. In particular, we show that these attacks can be leveraged to more complex attacks, either on the block cipher itself or on other primitives (e.g., stream ciphers, MACs, or hash functions) that use a small number of rounds of the block cipher as one of their components. As a case study, we consider the AES --- the most widely used block cipher, whose round function is used in various cryptographic primitives. We present attacks on up to four rounds of AES that require at most 10 known/chosen plaintexts. We then apply these attacks to cryptanalyze a variant of the stream cipher LEX, and to mount a new known plaintext attack on 6-round AES.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
AESCryptanalysisSide Channel AttacksSlide AttacksLEX
Contact author(s)
orr dunkelman @ weizmann ac il
2011-02-23: last of 2 revisions
2010-12-13: received
See all versions
Short URL
Creative Commons Attribution


      author = {Charles Bouillaguet and Patrick Derbez and Orr Dunkelman and Nathan Keller and Vincent Rijmen and Pierre-Alain Fouque},
      title = {Low Data Complexity Attacks on {AES}},
      howpublished = {Cryptology ePrint Archive, Paper 2010/633},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.