Improved Impossible Differential Attacks on Large-Block Rijndael

Qingju Wang, Dawu Gu, Vincent Rijmen, Ya Liu, Jiazhe Chen, Andrey Bogdanov

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review


In this paper, we present more powerful 6-round impossible differentials for large-block Rijndael-224 and Rijndael-256 than the ones used by Zhang et al. in ISC 2008. Using those, we can improve the previous impossible differential cryptanalysis of both 9-round Rijndael-224 and Rijndael-256. The improvement can lead to 10-round attack on Rijndael-256 as well. With 2198.1 chosen plaintexts, an attack is demonstrated on 9-round Rijndael-224 with 2 195.2 encryptions and 2140.4 bytes memory. Increasing the data complexity to 2216 plaintexts, the time complexity can be reduced to 2130 encryptions and the memory requirements to 2 93.6 bytes. For 9-round Rijndael-256, we provide an attack requiring 2229.3 chosen plaintexts, 2194 encryptions, and 2 139.6 bytes memory. Alternatively, with 2245.3 plaintexts, an attack with a reduced time of 2127.1 encryptions and a memory complexity of 290.9 bytes can be mounted. With 2244.2 chosen plaintexts, we can attack 10-round Rijndael-256 with 2253.9 encryptions and 2186.8 bytes of memory.
Original languageEnglish
Title of host publicationInformation Security and Cryptology – ICISC 2012 : 15th International Conference, Seoul, Korea, November 28-30, 2012, Revised Selected Papers
Publication date2013
ISBN (Print)978-3-642-37681-8
ISBN (Electronic)978-3-642-37682-5
Publication statusPublished - 2013
Event15th Annual International Conference on Information Security and Cryptology (ICISC 2012) - Seoul, Korea, Republic of
Duration: 28 Nov 201230 Nov 2012


Conference15th Annual International Conference on Information Security and Cryptology (ICISC 2012)
Country/TerritoryKorea, Republic of
Internet address
SeriesLecture Notes in Computer Science


  • Block cipher
  • Impossible differential attack
  • Rijndael
  • Large block


Dive into the research topics of 'Improved Impossible Differential Attacks on Large-Block Rijndael'. Together they form a unique fingerprint.

Cite this