Meet-in-the-middle attacks on 10-round AES-256

Designs, Codes and Cryptography

Abstract

The meet-in-the-middle attack on AES was proposed by Demirci and Selçuk at FSE 2008 and greatly improved by Dunkelman et al. at ASIACRYPT 2010 and by Derbez et al. at EUROCRYPT 2013 using various time/memory/data tradeoff techniques. At FSE 2014, Li et al. gave the most efficient attack on 9-round AES-256, based on a 5-round meet-in-the-middle distinguisher. In this paper, we revisit Demirci and Selçuk's attack and present the first 6-round meet-in-the-middle distinguisher on AES-256, using the differential enumeration and key-dependent sieve techniques. Based on this distinguisher, we propose the first attack on 10-round AES-256 in the single-key model other than the biclique attack. Moreover, we further reduce the data complexity by using several distinguishers in parallel, and we reduce the memory complexity by dividing the whole attack into a series of weak-key attacks. Finally, the attack has a data complexity of \(2^{111}\) chosen plaintexts, a time complexity of \(2^{253}\) 10-round AES encryptions and a memory complexity of \(2^{211.2}\) AES blocks.
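As with the other single-key results cited above, this is a reduced-round academic result (full AES-256 has 14 rounds) whose complexities are far beyond practical reach. The generic meet-in-the-middle principle that all of these attacks build on is illustrated below on a toy 16-bit double-encryption construction. This is an added example, not code from the paper, and it does not implement the AES-256 distinguisher: the toy cipher, its S-box, the key and block sizes, and the sample key and plaintexts are all constructed for the illustration. It shows the offline-table/online-match split and, through the class_bits parameter, how restricting each pass to a class of first-half keys trades table memory for repeated online work, which is the generic version of the memory/time tradeoff the abstract describes as a series of weak-key attacks (the analogy is ours, not the paper's).

```python
# Generic meet-in-the-middle (MITM) key recovery on a toy 16-bit double
# encryption. Added illustration of the principle only: this is NOT the
# paper's AES-256 distinguisher or attack. The toy cipher, its S-box, the
# key/block sizes and the sample key and plaintexts are all constructed here.

BLOCK_BITS = 16
MASK = (1 << BLOCK_BITS) - 1

# Constructed 4-bit S-box (the PRESENT S-box), applied to each nibble.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
INV_SBOX = [SBOX.index(v) for v in range(16)]


def _sub(x, box):
    """Apply a 4-bit S-box to each of the four nibbles of a 16-bit word."""
    return sum(box[(x >> (4 * i)) & 0xF] << (4 * i) for i in range(4))


def _rotl(x, r):
    return ((x << r) | (x >> (BLOCK_BITS - r))) & MASK


# Precomputed 16-bit substitution tables so the search loops stay fast.
SUB16 = [_sub(x, SBOX) for x in range(1 << BLOCK_BITS)]
INV_SUB16 = [_sub(x, INV_SBOX) for x in range(1 << BLOCK_BITS)]


def half_encrypt(k, x):
    """One keyed half: key addition, nibble substitution, 5-bit rotation."""
    return _rotl(SUB16[x ^ k], 5)


def half_decrypt(k, y):
    return INV_SUB16[_rotl(y, BLOCK_BITS - 5)] ^ k


def encrypt(k1, k2, p):
    """Toy double encryption under a 32-bit key (k1, k2)."""
    return half_encrypt(k2, half_encrypt(k1, p))


def decrypt(k1, k2, c):
    return half_decrypt(k1, half_decrypt(k2, c))


def mitm_recover(pairs, class_bits=0):
    """Recover (k1, k2) from known (p, c) pairs by meeting in the middle.

    Offline: tabulate the first half under every k1, keyed on the tuple of
    middle values across all pairs so the match itself filters.
    Online: invert the second half under every k2 and look the result up.
    class_bits = t restricts each pass to the k1 values whose top t bits are
    fixed, so the table holds 2**(16-t) entries and the online pass is rerun
    2**t times: memory goes down, total work goes up.
    Returns (candidates, table_entries, work), with work counting
    half-cipher evaluations.
    """
    ps = [p for p, _ in pairs]
    cs = [c for _, c in pairs]
    table_entries = 1 << (BLOCK_BITS - class_bits)
    found, work = [], 0
    for cls in range(1 << class_bits):
        base = cls << (BLOCK_BITS - class_bits)
        table = {}
        for low in range(table_entries):            # offline phase
            k1 = base | low
            mid = tuple(half_encrypt(k1, p) for p in ps)
            work += len(ps)
            table.setdefault(mid, []).append(k1)
        for k2 in range(1 << BLOCK_BITS):           # online phase
            mid = tuple(half_decrypt(k2, c) for c in cs)
            work += len(cs)
            for k1 in table.get(mid, ()):
                # Surviving candidates are re-checked against every pair.
                if all(encrypt(k1, k2, p) == c for p, c in pairs):
                    found.append((k1, k2))
    return found, table_entries, work


# Constructed sample key and known plaintexts: three pairs give a 48-bit
# match condition against a 32-bit key, so false matches are negligible.
K1, K2 = 0x3A5F, 0xC71E
PLAINTEXTS = [0x0123, 0x4567, 0x89AB]
PAIRS = [(p, encrypt(K1, K2, p)) for p in PLAINTEXTS]


def demo(class_bits=0):
    return mitm_recover(PAIRS, class_bits)


if __name__ == "__main__":
    for t in (0, 2):
        cands, entries, work = demo(t)
        print(f"class_bits={t}: candidates={[(hex(a), hex(b)) for a, b in cands]} "
              f"table={entries} entries, work={work} half-cipher evaluations")
```

With class_bits=0 the attack costs about \(2 \cdot 2^{16}\) half-cipher evaluations per pair and a \(2^{16}\)-entry table instead of the \(2^{32}\) of exhaustive search; with class_bits=2 the table shrinks to \(2^{14}\) entries while the online pass is repeated four times. Scaling the same bookkeeping to AES is exactly where the paper's distinguisher, sieving and parallelisation techniques come in, and the example does not attempt that.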


References

  1. Biryukov A., Khovratovich D.: Related-key cryptanalysis of the full AES-192 and AES-256. In: Advances in Cryptology—ASIACRYPT 2009, pp. 1–18. Springer, Heidelberg (2009).

  2. Biryukov A., Khovratovich D., Nikolić I.: Distinguisher and related-key attack on the full AES-256. In: Advances in Cryptology—CRYPTO 2009, pp. 231–249. Springer, Heidelberg (2009).

  3. Biryukov A., Dunkelman O., Keller N., Khovratovich D., Shamir A.: Key recovery attacks of practical complexity on AES-256 variants with up to 10 rounds. In: Advances in Cryptology—EUROCRYPT 2010, pp. 299–319. Springer, Heidelberg (2010).

  4. Bogdanov A., Khovratovich D., Rechberger C.: Biclique cryptanalysis of the full AES. In: Advances in Cryptology—ASIACRYPT 2011, pp. 344–371. Springer, Heidelberg (2011).

  5. Daemen J., Rijmen V.: AES proposal: Rijndael. In: First Advanced Encryption Standard (AES) Conference (1998).

  6. Daemen J., Rijmen V.: Understanding two-round differentials in AES. In: Security and Cryptography for Networks, pp. 78–94. Springer, Heidelberg (2006).

  7. Daemen J., Knudsen L., Rijmen V.: The block cipher Square. In: Fast Software Encryption, pp. 149–165. Springer, Heidelberg (1997).

  8. Demirci H., Selçuk A.A.: A meet-in-the-middle attack on 8-round AES. In: Fast Software Encryption, pp. 116–126. Springer, Heidelberg (2008).

  9. Demirci H., Taşkın İ., Çoban M., Baysal A.: Improved meet-in-the-middle attacks on AES. In: Progress in Cryptology—INDOCRYPT 2009, pp. 144–156. Springer, Heidelberg (2009).

  10. Derbez P., Fouque P.A., Jean J.: Improved key recovery attacks on reduced-round AES in the single-key setting. In: Advances in Cryptology—EUROCRYPT 2013, LNCS 7881, pp. 371–387. Springer, Heidelberg (2013).

  11. Derbez P., Fouque P.A., Jean J.: Exhausting Demirci-Selçuk meet-in-the-middle attacks against reduced-round AES. In: FSE (2013).

  12. Dunkelman O., Keller N.: A new attack on the LEX stream cipher. In: Advances in Cryptology—ASIACRYPT 2008, pp. 539–556. Springer, Heidelberg (2008).

  13. Dunkelman O., Keller N., Shamir A.: Improved single-key attacks on 8-round AES-192 and AES-256. In: Advances in Cryptology—ASIACRYPT 2010, pp. 158–176. Springer, Heidelberg (2010).

  14. Ferguson N., Kelsey J., Lucks S., Schneier B., Stay M., Wagner D., Whiting D.: Improved cryptanalysis of Rijndael. In: Fast Software Encryption, pp. 213–230. Springer, Heidelberg (2001).

  15. Fouque P.A., Jean J., Peyrin T.: Structural evaluation of AES and chosen-key distinguisher of 9-round AES-128. In: Advances in Cryptology—CRYPTO 2013, pp. 183–203. Springer, Heidelberg (2013).

  16. Gilbert H.: A simplified representation of AES. In: Advances in Cryptology—ASIACRYPT 2014, pp. 200–222. Springer, Heidelberg (2014).

  17. Gilbert H., Minier M.: A collision attack on 7 rounds of Rijndael. In: AES Candidate Conference (2000).

  18. Li L., Jia K., Wang X.: Improved single-key attacks on 9-round AES-192/256. In: FSE (2014).

  19. Lu J., Dunkelman O., Keller N., Kim J.: New impossible differential attacks on AES. In: Progress in Cryptology—INDOCRYPT 2008, pp. 279–293. Springer, Heidelberg (2008).

  20. Lucks S.: Attacking seven rounds of Rijndael under 192-bit and 256-bit keys. In: AES Candidate Conference (2000).

  21. Mala H., Dakhilalian M., Rijmen V., Modarres-Hashemi M.: Improved impossible differential cryptanalysis of 7-round AES-128. In: Progress in Cryptology—INDOCRYPT 2010, pp. 282–291. Springer, Heidelberg (2010).

  22. Wei Y., Lu J., Hu Y.: Meet-in-the-middle attack on 8 rounds of the AES block cipher under 192 key bits. In: Information Security Practice and Experience, pp. 222–232. Springer, Berlin (2011).

Acknowledgments

We would like to thank the anonymous referees for their helpful comments and suggestions. This work was supported by the National Natural Science Foundation of China under Grants 61272488 and 61402523.

Corresponding author

Correspondence to Rongjia Li.

Communicated by L. R. Knudsen.

Cite this article

Li, R., Jin, C. Meet-in-the-middle attacks on 10-round AES-256. Des. Codes Cryptogr. 80, 459–471 (2016). https://doi.org/10.1007/s10623-015-0113-3
