## Cryptology ePrint Archive: Report 2012/477

Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting

Patrick Derbez and Pierre-Alain Fouque and Jérémy Jean

Abstract: In this paper, we revisit meet-in-the-middle attacks on AES in the single-key model and improve on Dunkelman, Keller and Shamir attacks of Asiacrypt 2010. We present the best attack on 7 rounds of AES-128 where data/time/memory complexities are below $2^{100}$. Moreover, we are able to extend the number of rounds to reach attacks on 8 rounds for both AES-192 and AES-256. This gives the best attacks on those two versions with a data complexity of $2^{107}$ chosen-plaintexts, a memory complexity of $2^{96}$ and a time complexity of $2^{172}$ for AES-192 and $2^{196}$ for AES-256. Finally, we also describe the best attack on 9 rounds of AES-256 with $2^{120}$ chosen-plaintexts and time and memory complexities of $2^{203}$. All these attacks have been found by carefully studying the number of reachable multisets in Dunkelman et al. attacks.

Category / Keywords: secret-key cryptography / AES, Cryptanalysis

Contact author: Jeremy Jean at ens fr

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2012/477

[ Cryptology ePrint archive ]