Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting
نویسندگان
چکیده
In this paper, we revisit meet-in-the-middle attacks on AES in the single-key model and improve on Dunkelman, Keller and Shamir attacks of Asiacrypt 2010. We present the best attack on 7 rounds of AES-128 where data/time/memory complexities are below 2. Moreover, we are able to extend the number of rounds to reach attacks on 8 rounds for both AES-192 and AES-256. This gives the best attacks on those two versions with a data complexity of 2 chosen-plaintexts, a memory complexity of 2 and a time complexity of 2 for AES-192 and 2 for AES-256. Finally, we also describe the best attack on 9 rounds of AES-256 with 2 chosen-plaintexts and time and memory complexities of 2. All these attacks have been found by carefully studying the number of reachable multisets in Dunkelman et al. attacks.
منابع مشابه
Total break of Zorro using linear and differential attacks
An AES-like lightweight block cipher, namely Zorro, was proposed in CHES 2013. While it has a 16-byte state, it uses only 4 S-Boxes per round. This weak nonlinearity was widely criticized, insofar as it has been directly exploited in all the attacks on Zorro reported by now, including the weak key, reduced round, and even full round attacks. In this paper, using some properties discovered by Wa...
متن کاملImproved Related-Key Impossible Differential Attacks on Reduced-Round AES-192
In this paper, we present several new related-key impossible differential attacks on 7and 8-round AES-192, following the work of Eli Biham and Orr Dunkelman et al. [1]. We choose another relation of the two related keys, start attacks from the very beginning(instead of the third round in [1]) so as to improve the data and time complexities of their attacks. Furthermore, we point out and correct...
متن کاملSquare Attack on 7-Round Kiasu-BC
Kiasu-BC is a tweakable block cipher presented within the TWEAKEY framework at AsiaCrypt 2014. Kiasu-BC is almost identical to AES-128, the only difference to AES-128 is the tweak addition, where the 64-bit tweak is xored to the first two rows of every round-key. The security analysis of the designers focuses primarily on related-key related-tweak differential characteristics and meet-in-the-mi...
متن کاملCombined Attacks on the AES Key Schedule
We present new combined attacks on the AES key schedule based on the work of Roche et al. [16]. The main drawbacks of the original attack are: the need for high repeatability of the fault, a very particular fault model and a very high complexity of the key recovery algorithm. We consider more practical fault models, we obtain improved key recovery algorithms and we present more attack paths for...
متن کاملBiclique Cryptanalysis of the Full AES
Since Rijndael was chosen as the Advanced Encryption Standard (AES), improving upon 7-round attacks on the 128-bit key variant (out of 10 rounds) or upon 8-round attacks on the 192/256-bit key variants (out of 12/14 rounds) has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a decade. In this paper, we present the novel technique of block cipher cry...
متن کامل