Paper 2019/652

The Exchange Attack: How to Distinguish Six Rounds of AES with 288.2 chosen plaintexts

Navid Ghaedi Bardeh and Sondre Rønjom

Abstract

In this paper we present exchange-equivalence attacks which is a new cryptanalytic attack technique suitable for SPN-like block cipher designs. Our new technique results in the first secret-key chosen plaintext distinguisher for 6-round AES. The complexity of the distinguisher is about 288.2 in terms of data, memory and computational complexity. The distinguishing attack for AES reduced to six rounds is a straight-forward extension of an exchange attack for 5-round AES that requires 230 in terms of chosen plaintexts and computation. This is also a new record for AES reduced to five rounds. The main result of this paper is that AES up to at least six rounds is biased when restricted to exchange-invariant sets of plaintexts.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published by the IACR in ASIACRYPT 2019
Keywords
SPNAESExchange Equivalence AttacksExchange Invariant SetsExchange Equivalence ClassSecret-Key modelDifferential Cryptanalysis
Contact author(s)
Navid bardeh @ uib no
History
2019-09-14: revised
2019-06-04: received
See all versions
Short URL
https://ia.cr/2019/652
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2019/652,
      author = {Navid Ghaedi Bardeh and Sondre Rønjom},
      title = {The Exchange Attack: How to Distinguish Six Rounds of {AES} with $2^{88.2}$ chosen plaintexts},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/652},
      year = {2019},
      url = {https://eprint.iacr.org/2019/652}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.