Meet-in-the-Middle Attack on 8 Rounds of the AES Block Cipher under 192 Key Bits

Wei, Yongzhuang; Lu, Jiqiang; Hu, Yupu

doi:10.1007/978-3-642-21031-0_17

Cited by 15 publications

(12 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since we know that these functions can be described by the key of 24 or 32 bytes, one can reduce T by a factor 10 or 8 by storing only the first differences. Such an observation has been used by Wei et al in [24].…”

Section: Precomputation Phasementioning

confidence: 99%

Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting

Derbez

Fouque

Jean

2013

Lecture Notes in Computer Science

150

172

View full text Add to dashboard Cite

Abstract. In this paper, we revisit meet-in-the-middle attacks on AES in the single-key model and improve on Dunkelman, Keller and Shamir attacks at Asiacrypt 2010. We present the best attack on 7 rounds of AES-128 where data/time/memory complexities are below 2 100 . Moreover, we are able to extend the number of rounds to reach attacks on 8 rounds for both AES-192 and AES-256. This gives the best attacks on those two versions with a data complexity of 2 107 chosen-plaintexts, a memory complexity of 2 96 and a time complexity of 2 172 for AES-192 and 2196 for AES-256. Finally, we also describe the best attack on 9 rounds of AES-256 with 2 120 chosen plaintexts and time and memory complexities of 2 203 . All these attacks have been found by carefully studying the number of reachable multisets in Dunkelman et al. attacks.

show abstract

Section: Precomputation Phasementioning

confidence: 99%

Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting

Derbez

Fouque

Jean

2013

Lecture Notes in Computer Science

150

172

View full text Add to dashboard Cite

show abstract

“…Then after exploiting an automatic search tool to find the related-key differential characteristics, the author claimed that the number of active S-boxes in the best round-reduced related-key differential characteristics has increased, so xAES is resistant against related-key differential attacks. However, this tweak cannot protect AES from other kinds of attacks, such as recent meet-in-themiddle attacks [11] [13], and also suffers a reduced efficiency. The key schedules in [9] and [8] defend mainly against the recent related-key differential type attacks.…”

Section: Previous Modifications To the Aes Key Schedulementioning

confidence: 99%

“…A factor of 2 24 in this reduction is achieved by applying Observation 1. Later, [13] gives an 8-round meet-in-the-middle attack on AES-192, which has a dramatically smaller data complexity -2 41 chosen plaintexts. In this paper Observation 1 again contributes to a reduction of the time complexity.…”

Section: Square Attack and Meet-in-the-middle Attackmentioning

confidence: 99%

Transposition of AES Key Schedule

Huang

Yan

Lai

2017

Information Security and Cryptology

View full text Add to dashboard Cite

Abstract. In this paper, we point out a new weakness of the AES key schedule by revisiting an old observation exploited by many known attacks. We also discover a major cause for this weakness is that the column-by-column word-wise property in the key schedule matches nicely with the MixColumns operation in the cipher's diffusion layer. Then we propose a new key schedule by minor modification to increase the security level for AES. First, it reduces the number of rounds that some attacks are effective, such as SQUARE attacks and meet-in-the-middle attacks; Second, it is interesting that our new key schedule also protects AES from the most devastating related-key differential type attacks, which work against AES-192 and AES-256 with the full number of rounds. Compared with the original key schedule, ours just does a transposition on the output matrix of the subkeys. Compared with other proposed modifications of AES key schedule, our modification adds no non-linear operations, no need to complicate the diffusion method, or complicate the iteration process of generating subkeys. Finally, our results suggest that the route of diffusion propagation should get more attention in the design of key schedules.

show abstract

“…AES is provably resistant against differential and linear attacks [5], but many other methods of cryptanalysis have been developed to attack AES, such as square attack [5,7,14,20], collision attack [17], meet-in-the-middle attack [8][9][10][11]13,18,22], impossible differential attack [19,21], biclique attack [4], related-key attack [1][2][3], known-key distinguisher [16] and chosen-key distinguisher [15]. Among these attacks, the known-key distinguisher and chosen-key distinguisher use the knowledge of the key and their goals are to distinguish the permutation from a random one.…”

Section: Introductionmentioning

confidence: 99%

Meet-in-the-middle attacks on 10-round AES-256

Li¹,

Jin²

2015

Des. Codes Cryptogr.

View full text Add to dashboard Cite

Meet-in-the-middle attack on AES is proposed by Demirci and Selçuk at FSE 2008, and improved greatly by Dunkelman et al. at ASIACRYPT 2010 and Derbez et al. at EUROCRYPT 2013 with various time/memory/data tradeoff techniques. At FSE 2014, Li et al.give the most efficient attack on 9-round AES-256 based on a 5-round meet-in-the-middle distinguisher. In this paper, we revisit Demirci and Selçuk's attack and present the first 6-round meet-in-the-middle distinguisher on AES-256 using the differential enumerate and key-dependent sieve techniques. Based on this distinguisher, we propose the first attack on 10-round AES-256 in the single-key model except biclique attack. Moreover, we can further reduce the data complexity by using several distinguishers in parallel and reduce the memory complexity by dividing the whole attack into a series of weak-key attacks. Finally, we can achieve the attack with a data complexity of 2 111 chosen plaintexts, a time complexity of 2 253 10-round AES encryptions and a memory complexity of 2 211.2 AES blocks.

show abstract

Meet-in-the-Middle Attack on 8 Rounds of the AES Block Cipher under 192 Key Bits

Cited by 15 publications

References 12 publications

Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting

Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting

Transposition of AES Key Schedule

Meet-in-the-middle attacks on 10-round AES-256

Contact Info

Product

Resources

About