Related-Key Cryptanalysis of the Full AES-192 and AES-256
نویسندگان
چکیده
In this paper we present two related-key attacks on the full AES. For AES-256 we show the first key recovery attack that works for all the keys and has complexity 2, while the recent attack by Biryukov-Khovratovich-Nikolić works for a weak key class and has higher complexity. The second attack is the first cryptanalysis of the full AES192. Both our attacks are boomerang attacks, which are based on the recent idea of finding local collisions in block ciphers and enhanced with the boomerang switching techniques to gain free rounds in the middle.
منابع مشابه
Biclique Cryptanalysis of the Full AES
Since Rijndael was chosen as the Advanced Encryption Standard (AES), improving upon 7-round attacks on the 128-bit key variant (out of 10 rounds) or upon 8-round attacks on the 192/256-bit key variants (out of 12/14 rounds) has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a decade. In this paper, we present the novel technique of block cipher cry...
متن کاملThe (related-key) impossible boomerang attack and its application to the AES block cipher
The Advanced Encryption Standard (AES) is a 128-bit block cipher with a user key of 128, 192 or 256 bits, released by NIST in 2001 as the next-generation data encryption standard for use in the USA. It was adopted as an ISO international standard in 2005. Impossible differential cryptanalysis and the boomerang attack are powerful variants of differential cryptanalysis for analysing the security...
متن کاملPractical-Titled Attack on AES-128 Using Chosen-Text Relations
Related-key attacks on AES-192 and AES-256 have been presented at Crypto 2009 and Asiacrypt 2009. Although these results are already quite spectacular, they have been extended to practical-complexity attacks on AES variants with 10 rounds at Eurocrypt 2010. These advances in cryptanalysis are enabled by the introduction of a new type of related keys. Let the secret key be denoted by k, the roun...
متن کاملBicliques with Minimal Data and Time Complexity for AES
Abstract. Biclique cryptanalysis is a recent technique that has been successfully applied to AES resulting in key recovery faster than brute force. However, a major hurdle in carrying out biclique cryptanalysis on AES is that it requires very high data complexity. This naturally warrants questions over the practical feasibility of implementing biclique attack in the real world. In Crypto’13, Ca...
متن کاملCryptanalysis of Ciphers Based on AES Structure
AES is the best known and most widely used block cipher. Its three versions (AES-128, AES-192, and AES-256) differ in their key sizes (128 bits, 192 bits and 256 bits) and in their number of rounds (10, 12, and 14, respectively). Our present work investigates the recently reported attacks on AES 256 and AES 192. Instead of concentrating on the actual algorithms of these attacks we shall be more...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2009 شماره
صفحات -
تاریخ انتشار 2009