Improved meet-in-the-middle attack on 10 rounds of the AES-256 block cipher

Published in Designs, Codes and Cryptography.

Abstract

The meet-in-the-middle (MitM) attack method has led to the best currently published cryptanalytic results on the AES block cipher in the single-key attack scenario, with the exception of the biclique attack. In particular, for AES with a 256-bit key (AES-256), Li and Jin published a MitM attack on 10-round AES-256 in 2016 with a data complexity of \(2^{111}\) chosen plaintexts, a memory complexity of \(2^{215.2}\) bytes and a time complexity of \(2^{253}\) 10-round AES-256 encryptions under the so-called weak-key approach. In this paper, we first observe that the memory complexity of Li and Jin's attack should be \(2^{217.4}\) bytes. We then show that three other byte key relations can be used to reduce the memory complexity of Li and Jin's attack further, by decomposing their large precomputation table into two smaller ones and using a property of MixColumns to connect the two smaller tables in the online key-recovery phase; this yields a 10-round AES-256 attack with a memory complexity of \(2^{189}\) bytes and a time complexity of \(2^{255}\) 10-round AES encryptions. Finally, we exploit a different 6-round MitM distinguisher to mount a 10-round AES-256 attack with a data complexity of \(2^{105}\) chosen plaintexts, a memory complexity of \(2^{189}\) bytes and a time complexity of \(2^{253.2}\) 10-round AES encryptions. Our final attack has much smaller data and memory complexities and a marginally larger time complexity than Li and Jin's attack.
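The abstract reports the attack in terms of a precomputation table (memory), an online matching phase (time) and the chosen plaintexts needed to filter wrong keys (data). The script below is an added illustration of that precompute-then-match structure on a constructed 16-bit toy SP-network cipher used in a double-encryption construction; it is not the paper's attack, not AES, and the toy cipher, its key schedule and the test keys are all assumptions made for this example. It recovers the two 16-bit keys with roughly 2 * 2^16 single encryptions and a 2^16-entry table instead of the 2^32 of exhaustive search, and it shows why several plaintext/ciphertext pairs are needed: the first pair only drives the table match, and the remaining pairs are what discard the roughly 2^16 false matches.

```python
"""Added example: generic meet-in-the-middle key recovery against double encryption
with a constructed toy cipher. Not the paper's attack and not AES."""

BLOCK_BITS = 16
ROUNDS = 4
# 4-bit S-box borrowed from PRESENT purely as a convenient bijection.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def _sub_nibbles(x):
    """Apply SBOX to each of the four nibbles of a 16-bit word."""
    return (SBOX[x & 0xF] | SBOX[(x >> 4) & 0xF] << 4
            | SBOX[(x >> 8) & 0xF] << 8 | SBOX[(x >> 12) & 0xF] << 12)


def _perm_bits(x):
    """Bit permutation: bit i moves to bit 4*i mod 15, bit 15 stays in place."""
    y = 0
    for i in range(BLOCK_BITS):
        j = 15 if i == 15 else (4 * i) % 15
        y |= ((x >> i) & 1) << j
    return y


# Whole-word lookup tables make the toy cipher fast enough to evaluate ~2^18 times
# in pure Python; the inverse tables are built by inverting the forward ones, so
# decryption is exact by construction.
_SUB = [_sub_nibbles(x) for x in range(1 << BLOCK_BITS)]
_PERM = [_perm_bits(x) for x in range(1 << BLOCK_BITS)]
_INV_SUB = [0] * (1 << BLOCK_BITS)
_INV_PERM = [0] * (1 << BLOCK_BITS)
for _x in range(1 << BLOCK_BITS):
    _INV_SUB[_SUB[_x]] = _x
    _INV_PERM[_PERM[_x]] = _x


def _round_keys(k):
    """Constructed toy key schedule: rotate the 16-bit key, add a round constant."""
    return [((((k << (3 * i)) | (k >> (16 - 3 * i))) & 0xFFFF) ^ (i * 0x1111))
            for i in range(ROUNDS + 1)]


def toy_encrypt(k, p):
    """4-round SP network on a 16-bit block under a 16-bit key."""
    rk = _round_keys(k)
    x = p
    for i in range(ROUNDS):
        x = _PERM[_SUB[x ^ rk[i]]]
    return x ^ rk[ROUNDS]


def toy_decrypt(k, c):
    rk = _round_keys(k)
    x = c ^ rk[ROUNDS]
    for i in reversed(range(ROUNDS)):
        x = _INV_SUB[_INV_PERM[x]] ^ rk[i]
    return x


def double_encrypt(k1, k2, p):
    """C = E_k2(E_k1(P)): 32 bits of key, but only 2^17 work to break (see below)."""
    return toy_encrypt(k2, toy_encrypt(k1, p))


def mitm_recover(pairs):
    """Recover (k1, k2) from known (plaintext, ciphertext) pairs under double_encrypt.

    Offline: tabulate the middle value E_k1(p0) for every k1 (2^16 entries of 2 bytes
    each plus the key, i.e. about 2^18 bytes: entries times entry size is how the
    abstract's byte figures are counted). Online: for every k2 compute D_k2(c0) and
    look it up; each hit is a candidate (k1, k2). A 16-bit block leaks only 16 bits
    per pair, so ~2^16 wrong candidates survive the first pair and two further pairs
    are needed to make the expected number of surviving wrong keys about 2^-16.
    """
    if len(pairs) < 3:
        raise ValueError("need at least 3 pairs to filter the ~2^16 false matches")
    p0, c0 = pairs[0]
    table = {}
    for k1 in range(1 << 16):
        table.setdefault(toy_encrypt(k1, p0), []).append(k1)
    candidates = []
    for k2 in range(1 << 16):
        for k1 in table.get(toy_decrypt(k2, c0), ()):
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:]):
                candidates.append((k1, k2))
    return candidates


if __name__ == "__main__":
    # Constructed demo keys and plaintexts (assumptions for this example).
    K1, K2 = 0x1234, 0xBEEF
    pairs = [(p, double_encrypt(K1, K2, p)) for p in (0x0000, 0x5A5A, 0xFFFF)]
    print("recovered:", [(hex(a), hex(b)) for a, b in mitm_recover(pairs)])
```

The same three quantities the abstract trades against each other are visible here: the table is the memory cost, the two 2^16 loops plus the re-encryptions of false matches are the time cost, and the three pairs are the data cost. The Demirci-Selçuk style attacks on AES that the paper builds on replace the plain "encrypt under k1" table with a table of multiset or sequence values over a reduced-round distinguisher, and the byte key relations and MixColumns property mentioned in the abstract are what let that table be split and shrunk; the matching logic is the same.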

Fig. 1
Fig. 2

Data availability

Data sharing not applicable to this article as no datasets were generated or analysed during the current study.

References

  1. Biham E., Shamir A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, New York (1993).

  2. Bogdanov A., Khovratovich D., Rechberger C.: Biclique cryptanalysis of the full AES. In: Lee D.H., Wang X. (eds.) ASIACRYPT 2011, LNCS, vol. 7073, pp. 344–371. Springer (2011).

  3. Daemen J., Rijmen V.: The Design of Rijndael: AES—The Advanced Encryption Standard. Springer, New York (2002).

  4. Daemen J., Rijmen V.: Understanding two-round differentials in AES. In: De Prisco R., Yung M. (eds.) SCN 2006, LNCS, vol. 4116, pp. 78–94. Springer (2006).

  5. Demirci H., Selçuk A.A.: A meet-in-the-middle attack on 8-round AES. In: Nyberg K. (ed.) FSE 2008, LNCS, vol. 5086, pp. 116–126. Springer (2008).

  6. Derbez P., Fouque P.A.: Exhausting Demirci-Selçuk meet-in-the-middle attacks against reduced-round AES. In: Moriai S. (ed.) FSE 2013, LNCS, vol. 8424, pp. 541–560. Springer (2014).

  7. Derbez P., Fouque P.A.: Automatic search of meet-in-the-middle and impossible differential attacks. In: Robshaw M., Katz J. (eds.) CRYPTO 2016, LNCS, vol. 9815, pp. 157–184. Springer (2016).

  8. Derbez P., Fouque P.A., Jean J.: Improved key recovery attacks on reduced-round AES in the single-key setting. In: Johansson T., Nguyen P.Q. (eds.) EUROCRYPT 2013, LNCS, vol. 7881, pp. 371–387. Springer (2013).

  9. Diffie W., Hellman M.: Exhaustive cryptanalysis of the NBS data encryption standard. Computer 10(6), 74–84 (1977).

  10. Dunkelman O., Keller N., Shamir A.: Improved single-key attacks on 8-round AES-192 and AES-256. In: Abe M. (ed.) ASIACRYPT 2010, LNCS, vol. 6477, pp. 158–176. Springer (2010).

  11. Ferguson N., Kelsey J., Lucks S., Schneier B., Stay M., Wagner D., Whiting D.: Improved cryptanalysis of Rijndael. In: Schneier B. (ed.) FSE 2000, LNCS, vol. 1978, pp. 213–230. Springer (2001).

  12. Gilbert H., Minier M.: A collision attack on 7 rounds of Rijndael. In: The Third Advanced Encryption Standard Candidate Conference, pp. 230–241. NIST (2000).

  13. Gilbert H., Peyrin T.: Super-Sbox cryptanalysis: improved attacks for AES-like permutations. In: Hong S., Iwata T. (eds.) FSE 2010, LNCS, vol. 6147, pp. 365–383. Springer (2010).

  14. Hellman M.E.: A cryptanalytic time-memory trade-off. IEEE Trans. Inf. Theory 26(4), 401–406 (1980).

  15. Knudsen L.R.: Truncated and higher order differentials. In: Preneel B. (ed.) FSE 1994, LNCS, vol. 1008, pp. 196–211. Springer (1995).

  16. Li L., Jia K., Wang X.: Improved single-key attacks on 9-round AES-192/256. In: Cid C., Rechberger C. (eds.) FSE 2014, LNCS, vol. 8540, pp. 127–146. Springer (2015).

  17. Li R., Jin C.: Meet-in-the-middle attacks on 10-round AES-256. Des. Codes Cryptogr. 80(3), 459–471 (2016).

  18. Lu J., Dunkelman O., Keller N., Kim J.: New impossible differential attacks on AES. In: Chowdhury D.R., Rijmen V., Das A. (eds.) INDOCRYPT 2008, LNCS, vol. 5365, pp. 279–293. Springer (2008).

  19. National Institute of Standards and Technology (NIST): Advanced Encryption Standard (AES), FIPS-197 (2001).

  20. Zhang W., Wu W., Feng D.: New results on impossible differential cryptanalysis of reduced AES. In: Nam K.-H., Rhee G. (eds.) ICISC 2007, LNCS, vol. 4817, pp. 239–250. Springer (2007).

Acknowledgements

The authors thank the anonymous reviewers for their comments. This work was supported by the State Key Laboratory of Cryptology (No. MMKFKT202114). Jiqiang Lu was a Qianjiang Special Expert of Hangzhou.

Corresponding author

Correspondence to Jiqiang Lu.

Additional information

Communicated by M. Eichlseder.

Cite this article

Lu, J., Zhou, W. Improved meet-in-the-middle attack on 10 rounds of the AES-256 block cipher. Des. Codes Cryptogr. 92, 957–973 (2024). https://doi.org/10.1007/s10623-023-01323-4
