Key recovery attacks of practical complexity on AES-256 variants with up to 10 rounds

Authors: Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, Adi Shamir

DOI: 10.1007/978-3-642-13190-5_15

Keywords:

Abstract: AES is the best known and most widely used block cipher. Its three versions (AES-128, AES-192 and AES-256) differ in their key sizes (128 bits, 192 bits and 256 bits) and in their number of rounds (10, 12 and 14, respectively). While for AES-128 there are no known attacks faster than exhaustive search, AES-192 and AES-256 were recently shown to be breakable by attacks which require 2^176 and 2^99.5 time, respectively. While these complexities are much lower than exhaustive search, they are completely non-practical and do not seem to pose any real threat to the security of AES-based systems. In this paper we aim to increase our understanding of AES security, and we concentrate on attacks with practical complexity, i.e., attacks that can be experimentally verified. We show attacks on reduced-round variants of AES-256 with up to 10 rounds whose complexity is feasible. One of our attacks uses only two related keys and 2^39 time to recover the complete 256-bit key of a 9-round version of AES-256 (the best previous attack on this variant required 4 related keys and 2^120 time). Another attack can break a 10-round version of AES-256 in 2^45 time, but it uses a stronger type of related-subkey attack (the best previous attack on this variant required 64 related keys and 2^172 time). While the full AES-256 cannot be directly broken by these attacks, the fact that such low complexities are achievable raises serious concerns about the remaining safety margin offered by AES-256.
