Improved Impossible Differential Attacks on 6-round AES

Impossible differential attacks on AES have been proposed up to 6-round which requires chosen plaintexts and 6-round AES encryptions. In this paper, we introduce various 4-round impossible differentials and using them, we propose improved impossible differential attacks on 6-round AES. The current attacks require chosen plaintexts and 6-round AES encryptions to retrieve 11 bytes of the first and the last round keys.