Biclique cryptanalysis of the full AES

Publication: Research - peer-review; Conference article – Annual report year: 2011

Standard

Biclique cryptanalysis of the full AES. / Bogdanov, Andrey; Khovratovich, Dmitry; Rechberger, Christian.

In: Lecture Notes in Computer Science, Vol. 7073, 2011, p. 344-371.

Author

Bogdanov, Andrey; Khovratovich, Dmitry; Rechberger, Christian / Biclique cryptanalysis of the full AES.

In: Lecture Notes in Computer Science, Vol. 7073, 2011, p. 344-371.

Bibtex

@article{2ce5866c03b849f78ba3f2f4770c919f,
title = "Biclique cryptanalysis of the full AES",
publisher = "Springer",
author = "Andrey Bogdanov and Dmitry Khovratovich and Christian Rechberger",
year = "2011",
doi = "10.1007/978-3-642-25385-0_19",
volume = "7073",
pages = "344--371",
journal = "Lecture Notes in Computer Science",
issn = "0302-9743"
}

RIS

TY - CONF

T1 - Biclique cryptanalysis of the full AES

A1 - Bogdanov,Andrey

A1 - Khovratovich,Dmitry

A1 - Rechberger,Christian

AU - Bogdanov,Andrey

AU - Khovratovich,Dmitry

AU - Rechberger,Christian

PB - Springer

PY - 2011

Y1 - 2011

N2 - Since Rijndael was chosen as the Advanced Encryption Standard (AES), improving upon 7-round attacks on the 128-bit key variant (out of 10 rounds) or upon 8-round attacks on the 192/256-bit key variants (out of 12/14 rounds) has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a decade. In this paper, we present the novel technique of block cipher cryptanalysis with bicliques, which leads to the following results: The first key recovery method for the full AES-128 with computational complexity $2^{126.1}$. The first key recovery method for the full AES-192 with computational complexity $2^{189.7}$. The first key recovery method for the full AES-256 with computational complexity $2^{254.4}$. Key recovery methods with lower complexity for the reduced-round versions of AES not considered before, including cryptanalysis of 8-round AES-128 with complexity $2^{124.9}$. Preimage search for compression functions based on the full AES versions faster than brute force. In contrast to most shortcut attacks on AES variants, we do not need to assume related-keys. Most of our techniques only need a very small part of the codebook and have low memory requirements, and are practically verified to a large extent. As our cryptanalysis is of high computational complexity, it does not threaten the practical use of AES in any way. © 2011 International Association for Cryptologic Research.

U2 - 10.1007/978-3-642-25385-0_19

DO - 10.1007/978-3-642-25385-0_19

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

SN - 0302-9743

VL - 7073

SP - 344

EP - 371

ER -