Improved Single-Key Attacks on 8-Round AES-192 and AES-256

AES is the most widely used block cipher today, and its security is one of the most important issues in cryptanalysis. After 13 years of analysis, related-key attacks were recently found against two of its flavors (AES-192 and AES-256). However, such a strong type of attack is not universally accepted as a valid attack model, and in the more standard single-key attack model at most 8 rounds of these two versions can be currently attacked. In the case of 8-round AES-192, the only known attack (found 10 years ago) is extremely marginal, requiring the evaluation of essentially all the 2128 possible plaintext/ciphertext pairs in order to speed up exhaustive key search by a factor of 16. In this paper we introduce three new cryptanalytic techniques, and use them to get the first non-marginal attack on 8-round AES-192 (making its time complexity about a million times faster than exhaustive search, and reducing its data complexity to about 1/32,000 of the full codebook). In addition, our new techniques can reduce the best known time complexities for all the other combinations of 7-round and 8-round AES-192 and AES-256.

[1]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[2]  Pierre-Alain Fouque,et al.  Exhausting Demirci-Selçuk Meet-in-the-Middle Attacks against Reduced-Round AES , 2013, IACR Cryptol. ePrint Arch..

[3]  Jongsung Kim,et al.  Related-Key Rectangle Attacks on Reduced AES-192 and AES-256 , 2007, FSE.

[4]  Vincent Rijmen,et al.  Improved Impossible Differential Cryptanalysis of 7-Round AES-128 , 2010, INDOCRYPT.

[5]  Dengguo Feng,et al.  New Results on Impossible Differential Cryptanalysis of Reduced AES , 2007, ICISC.

[6]  Peng Zhang,et al.  New Impossible Differential Cryptanalysis of ARIA , 2008, IACR Cryptol. ePrint Arch..

[7]  Jung Hee Cheon,et al.  Improved Impossible Differential Cryptanalysis of Rijndael and Crypton , 2001, ICISC.

[8]  Orr Dunkelman,et al.  A New Attack on the LEX Stream Cipher , 2008, ASIACRYPT.

[9]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[10]  Eli Biham,et al.  Cryptanalysis of reduced variants of RIJNDAEL , 2000 .

[11]  Eli Biham,et al.  Differential Cryptanalysis of the Data Encryption Standard , 1993, Springer New York.

[12]  Hüseyin Demirci,et al.  Improved Meet-in-the-Middle Attacks on AES , 2009, INDOCRYPT.

[13]  Jérémy Jean,et al.  Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting , 2013, IACR Cryptol. ePrint Arch..

[14]  Dengguo Feng,et al.  Improved Related-Key Impossible Differential Attacks on Reduced-Round AES-192 , 2006, Selected Areas in Cryptography.

[15]  Bruce Schneier,et al.  Improved Cryptanalysis of Rijndael , 2000, FSE.

[16]  Ali Aydin Selçuk,et al.  A Meet-in-the-Middle Attack on 8-Round AES , 2008, FSE.

[17]  Marine Minier,et al.  A Collision Attack on 7 Rounds of Rijndael , 2000, AES Candidate Conference.

[18]  Stefan Lucks,et al.  Western European Workshop on Research in Cryptology , 2005 .

[19]  Alex Biryukov,et al.  Related-Key Cryptanalysis of the Full AES-192 and AES-256 , 2009, ASIACRYPT.

[20]  Raphael C.-W. Phan,et al.  Impossible differential cryptanalysis of 7-round Advanced Encryption Standard (AES) , 2004, Inf. Process. Lett..

[21]  Behnam Bahrak,et al.  Impossible differential attack on seven-round AES-128 , 2008, IET Inf. Secur..

[22]  Stefan Lucks,et al.  Attacking Seven Rounds of Rijndael under 192-bit and 256-bit Keys , 2000, AES Candidate Conference.

[23]  Alex Biryukov,et al.  Key Recovery Attacks of Practical Complexity on AES Variants With Up To 10 Rounds , 2010, IACR Cryptol. ePrint Arch..

[24]  Alex Biryukov,et al.  Distinguisher and Related-Key Attack on the Full AES-256 , 2009, CRYPTO.

[25]  Jongsung Kim,et al.  New Impossible Differential Attacks on AES , 2008, INDOCRYPT.