The Exchange Attack: How to Distinguish 6 Rounds of AES with $2^{88.2}$ chosen plaintexts

You are looking at a specific version 20190604:070956 of this paper. See the latest version.

Paper 2019/652

The Exchange Attack: How to Distinguish 6 Rounds of AES with $2^{88.2}$ chosen plaintexts

Navid Ghaedi Bardeh and Sondre Rønjom

Abstract

In this paper we present exchange equivalence attacks which is a cryptanalytic attack technique suitable for SPN-like block cipher designs. Our new technique results in a secret-key chosen plaintext distinguisher for 6-round AES. The complexity of the distinguisher is about $2^{88.2}$ in terms of data, memory and computational complexity. The distinguishing attack for AES reduced to 6 rounds is a straight-forward extension of an exchange attack for 5-round AES that requires about $2^{30}$ in terms of chosen plaintexts and computation. This is also a new record for AES reduced to 5 rounds. The main result of this paper is that AES up to at least 6 rounds is biased when restricted to exchange invariant sets of plaintexts.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Preprint. MINOR revision.
Keywords: SPN AES Exchange Equivalence Attacks Exchange Invariant Sets Exchange Equivalence Class Secret-Key model Difference Cryptanalysis
Contact author(s): Navid bardeh @ uib no
History: 2019-09-14: revised; 2019-06-04: received; See all versions
Short URL: https://ia.cr/2019/652
License: CC BY