Paper 2017/139

Revisiting AES Related-Key Differential Attacks with Constraint Programming

David Gérault, Pascal Lafourcade, Marine Minier, and Christine Solnon


The Advanced Encryption Standard (AES) is one of the most studied symmetric encryption schemes. During the last years, several attacks have been discovered in different adversary models. In this paper, we focus on related-key differential attacks, where the adversary may introduce differences in plaintext pairs and also in keys. We show that Constraint Programming (CP) can be used to model these attacks, and that it allows us to efficiently find all optimal related-key differential characteristics for AES-128, AES-192 and AES-256. In particular, we improve the best related-key differential for the whole AES-256 and give the best related-key differential on 10 rounds of AES-192, which is the differential trail with the longest path. Those results allow us to improve existing related-key distinguishers, basic related-key attacks and $q$-multicollisions on AES-256.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
AESConstraint ProgrammingRelated Key differential
Contact author(s)
marine minier @ loria fr
2018-07-02: last of 2 revisions
2017-02-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {David Gérault and Pascal Lafourcade and Marine Minier and Christine Solnon},
      title = {Revisiting AES Related-Key Differential Attacks with Constraint Programming},
      howpublished = {Cryptology ePrint Archive, Paper 2017/139},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.