Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting [chapter]

Patrick Derbez, Pierre-Alain Fouque, Jérémy Jean
2013 Lecture Notes in Computer Science  
In this paper, we revisit meet-in-the-middle attacks on AES in the single-key model and improve on Dunkelman, Keller and Shamir attacks of Asiacrypt 2010. We present the best attack on 7 rounds of AES-128 where data/time/memory complexities are below 2 100 . Moreover, we are able to extend the number of rounds to reach attacks on 8 rounds for both AES-192 and AES-256. This gives the best attacks on those two versions with a data complexity of 2 107 chosen-plaintexts, a memory complexity of 2 96
more » ... and a time complexity of 2 172 for AES-192 and 2 196 for AES-256. Finally, we also describe the best attack on 9 rounds of AES-256 with 2 120 chosen-plaintexts and time and memory complexities of 2 203 . All these attacks have been found by carefully studying the number of reachable multisets in Dunkelman et al. attacks.
doi:10.1007/978-3-642-38348-9_23 fatcat:sawpayfipbb7vcqefqmbcwz7bq