Improved Impossible Differential Attacks on Large-Block Rijndael

In this paper, we present more powerful 6-round impossible differentials for large-block Rijndael-224 and Rijndael-256 than the ones used by Zhang et al. in ISC 2008. Using those, we can improve the previous impossible differential cryptanalysis of both 9-round Rijndael224 and Rijndael-256. The improvement can lead to 10-round attack on Rijndael-256 as well. With 2 chosen plaintexts, an attack is demonstrated on 9-round Rijndael-224 with 2 encryptions and 2 bytes memory. Increasing the data complexity to 2 plaintexts, the time complexity can be reduced to 2 encryptions and the memory requirements to 2 bytes. For 9-round Rijndael-256, we provide an attack requiring 2 chosen plaintexts, 2 encryptions, and 2 bytes memory. Alternatively, with 2 plaintexts, an attack with a reduced time of 2 encryptions and a memory complexity of 2 bytes can be mounted. With 2 chosen plaintexts, we can attack 10-round Rijndael-256 with 2 encryptions and 2 bytes of memory.