Practical Attacks on Reduced-Round AES

In this paper we investigate the security of 5-round AES against two different attacks in an adaptive setting. We present a practical key-recovery attack on 5-round AES with a secret s-box that requires \(2^{32}\) adaptively chosen ciphertexts, which is, as far as we know, a new record. In addition, we present a new and practical key-independent distinguisher for 5-round AES which requires \(2^{27.2}\) adaptively chosen ciphertexts. While the data complexity of this distinguisher is in the same range as the current best 5-round distinguisher [14], it exploits new structural properties of 5-round AES.

[1] Alex Biryukov, et al. Distinguisher and Related-Key Attack on the Full AES-256, 2009, CRYPTO.

[2] Vincent Rijmen, et al. The Block Cipher Rijndael, 1998, CARDIS.

[3] Adi Shamir, et al. Improved Single-Key Attacks on 8-Round AES-192 and AES-256, 2010, Journal of Cryptology.

[4] Nicky Mouha, et al. Simpira v2: A Family of Efficient Permutations Using the AES Round Function, 2016, ASIACRYPT.

[5] Vincent Rijmen, et al. New Insights on AES-Like SPN Ciphers, 2016, CRYPTO.

[6] Lorenzo Grassi, et al. MixColumns Properties and Attacks on (round-reduced) AES with a Single Secret S-Box, 2018, IACR Cryptol. ePrint Arch.

[7] Alex Biryukov, et al. Related-Key Cryptanalysis of the Full AES-192 and AES-256, 2009, ASIACRYPT.

[8] Vincent Rijmen, et al. Low-Data Complexity Attacks on AES, 2012, IEEE Transactions on Information Theory.

[9] Tor Helleseth, et al. Yoyo Tricks with AES, 2017, ASIACRYPT.

[10] Christian Rechberger, et al. Subspace Trail Cryptanalysis and its Applications to AES, 2017, IACR Trans. Symmetric Cryptol.

[11] Adi Shamir, et al. Improved Key Recovery Attacks on Reduced-Round AES with Practical Data and Memory Complexities, 2019, Journal of Cryptology.

[12] Christian Rechberger, et al. A New Structural-Differential Property of 5-Round AES, 2017, EUROCRYPT.

[13] Bruce Schneier, et al. Improved Cryptanalysis of Rijndael, 2000, FSE.

[14] Marine Minier, et al. A Collision Attack on 7 Rounds of Rijndael, 2000, AES Candidate Conference.

[15] Jérémy Jean, et al. Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting, 2013, IACR Cryptol. ePrint Arch.

[16] Stefan Kölbl, et al. Security of the AES with a Secret S-Box, 2015, FSE.