Improved Single-Key Attacks on 8-Round AES-192 and AES-256

Orr Dunkelman, Nathan Keller, Adi Shamir

Research output: Contribution to journalArticlepeer-review

Abstract

AES is the most widely used block cipher today, and its security is one of the most important issues in cryptanalysis. After 13 years of analysis, related-key attacks were recently found against two of its flavors (AES-192 and AES-256). However, such a strong type of attack is not universally accepted as a valid attack model, and in the more standard single-key attack model at most 8 rounds of these two versions can be currently attacked. In the case of 8-round AES-192, the only known attack (found 10 years ago) is extremely marginal, requiring the evaluation of essentially all the 2128 possible plaintext/ciphertext pairs in order to speed up exhaustive key search by a factor of 16. In this paper we introduce three new cryptanalytic techniques, and use them to get the first non-marginal attack on 8-round AES-192 (making its time complexity about a million times faster than exhaustive search, and reducing its data complexity to about 1/32,000 of the full codebook). In addition, our new techniques can reduce the best known time complexities for all the other combinations of 7-round and 8-round AES-192 and AES-256.

Original languageEnglish
Pages (from-to)397-422
Number of pages26
JournalJournal of Cryptology
Volume28
Issue number3
DOIs
StatePublished - 12 Jul 2015

Bibliographical note

Publisher Copyright:
© 2013, International Association for Cryptologic Research.

Keywords

  • AES
  • Cryptanalysis
  • Differential enumeration
  • Key bridging
  • Multiset tabulation
  • Single-key attacks

ASJC Scopus subject areas

  • Software
  • Computer Science Applications
  • Applied Mathematics

Fingerprint

Dive into the research topics of 'Improved Single-Key Attacks on 8-Round AES-192 and AES-256'. Together they form a unique fingerprint.

Cite this