Paper 2013/573

Improved Meet-in-the-Middle Attacks on AES-192 and PRINCE

Leibo Li, Keting Jia, and Xiaoyun Wang


This paper studies key-recovery attacks on AES-192 and PRINCE under single-key model by methodology of meet-in-the-middle attack. A new technique named key-dependent sieve is proposed to further reduce the memory complexity of Demirci et al.'s attack at EUROCRYPT 2013, which helps us to achieve 9-round attack on AES-192 by using a 5-round distinguisher; the data, time and memory complexities are 2^{121} chosen plaintexts, 2^{185} encryptions and 2^{185} 128- bit memories, respectively. The new technique is also applied to attack block cipher PRINCE. Instead of 6-round results in the previous cryptanalysis, we rst present attacks on 8-round (out of 12) PRINCEcore and PRINCE with about 2^{53} and 2^{60} encryptions, respectively. Furthermore, we construct an interesting 7-round distinguisher and extend the attack to 9-round PRINCE; the attack needs about 2^{57} chosen plaintexts, 2^{64} encryptions and 2^{57.3} 64-bit memories.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Contact author(s)
lileibo @ mail sdu edu cn
2013-09-10: received
Short URL
Creative Commons Attribution


      author = {Leibo Li and Keting Jia and Xiaoyun Wang},
      title = {Improved Meet-in-the-Middle Attacks on AES-192 and PRINCE},
      howpublished = {Cryptology ePrint Archive, Paper 2013/573},
      year = {2013},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.