Improving the Biclique Cryptanalysis of AES

The biclique attack is currently the only single-key key-recovery attack on the full AES. Bogdanov et al. applied it to all three versions of AES by constructing bicliques of size \(2^8\times 2^8\) and reducing the number of S-boxes that must be computed in the matching phase. Their results were later improved by better choices of differential characteristics in the biclique construction. In this paper, we improve the biclique attack by increasing the biclique size to \(2^{16}\times 2^8\) and \(2^{16}\times 2^{16}\). We obtain a biclique attack on each of the following AES versions: AES-128 with time complexity \(2^{126.13}\) and data complexity \(2^{56}\), AES-128 with time complexity \(2^{126.01}\) and data complexity \(2^{72}\), AES-192 with time complexity \(2^{189.91}\) and data complexity \(2^{48}\), and AES-256 with time complexity \(2^{254.27}\) and data complexity \(2^{40}\).

[1] Stefan Lucks et al. A Framework for Automated Independent-Biclique Cryptanalysis. FSE 2013.

[2] Adi Shamir et al. Improved Single-Key Attacks on 8-Round AES-192 and AES-256. Journal of Cryptology, 2010.

[3] Gaëtan Leurent et al. Narrow-Bicliques: Cryptanalysis of Full IDEA. EUROCRYPT 2012.

[4] Vincent Rijmen et al. The Design of Rijndael: AES - The Advanced Encryption Standard. 2002.

[5] Behnam Bahrak et al. Impossible differential attack on seven-round AES-128. IET Inf. Secur., 2008.

[6] Alex Biryukov et al. Key Recovery Attacks of Practical Complexity on AES Variants With Up To 10 Rounds. IACR Cryptol. ePrint Arch., 2010.

[7] Stefan Lucks et al. New Related-Key Boomerang Attacks on AES. INDOCRYPT 2008.

[8] Alex Biryukov et al. Related-Key Cryptanalysis of the Full AES-192 and AES-256. ASIACRYPT 2009.

[9] Andrey Bogdanov et al. Biclique Cryptanalysis of the Full AES. ASIACRYPT 2011.

[10] Dmitry Khovratovich et al. Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 family. IACR Cryptol. ePrint Arch., 2012.

[11] Keting Jia et al. Improved Single-Key Attacks on 9-Round AES-192/256. FSE 2014.

[12] Daesung Kwon et al. Biclique Attack on the Full HIGHT. ICISC 2011.

[13] Yvo Desmedt et al. Related-Key Differential Cryptanalysis of 192-bit Key AES Variants. Selected Areas in Cryptography, 2003.

[14] H. Mala et al. Biclique-based cryptanalysis of the block cipher SQUARE. IET Inf. Secur., 2014.

[15] Andrey Bogdanov et al. Bicliques with Minimal Data and Time Complexity for AES. ICISC 2014.

[16] Xiaoli Yu et al. Biclique Cryptanalysis of Reduced-Round Piccolo Block Cipher. ISPEC 2012.

[17] Vincent Rijmen et al. Improved Impossible Differential Cryptanalysis of 7-Round AES-128. INDOCRYPT 2010.

[18] Ferhat Karakoç et al. Biclique Cryptanalysis of TWINE. CANS 2012.

[20] Vincent Rijmen et al. The Design of Rijndael. Information Security and Cryptography, 2002.

[21] Andrey Bogdanov et al. Better than Brute-Force --- Optimized Hardware Architecture for Efficient Biclique Attacks on AES-128. 2012.

[22] Jongsung Kim et al. Information Security and Cryptology - ICISC 2014. Lecture Notes in Computer Science, 2014.

[23] Anne Canteaut et al. Sieve-in-the-Middle: Improved MITM Attacks (Full Version). IACR Cryptol. ePrint Arch., 2013.

[24] Alex Biryukov et al. Distinguisher and Related-Key Attack on the Full AES-256. CRYPTO 2009.

[25] Eli Biham et al. Related-Key Impossible Differential Attacks on 8-Round AES-192. CT-RSA 2006.

[26] Shao-zhen Chen et al. Biclique Attack of the Full ARIA-256. IACR Cryptol. ePrint Arch., 2012.