Meet-in-the-middle attack on AES is proposed by Demirci and Selçuk at FSE 2008, and improved greatly by Dunkelman et al. at ASIACRYPT 2010 and Derbez et al. at EUROCRYPT 2013 with various time/memory/data tradeoff techniques. At FSE 2014, Li et al.give the most efficient attack on 9-round AES-256 based on a 5-round meet-in-the-middle distinguisher. In this paper, we revisit Demirci and Selçuk's attack and present the first 6-round meet-in-the-middle distinguisher on AES-256 using the differential enumerate and key-dependent sieve techniques. Based on this distinguisher, we propose the first attack on 10-round AES-256 in the single-key model except biclique attack. Moreover, we can further reduce the data complexity by using several distinguishers in parallel and reduce the memory complexity by dividing the whole attack into a series of weak-key attacks. Finally, we can achieve the attack with a data complexity of 2 111 chosen plaintexts, a time complexity of 2 253 10-round AES encryptions and a memory complexity of 2 211.2 AES blocks.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.