2009
DOI: 10.1007/978-3-642-10366-7_1
|View full text |Cite
|
Sign up to set email alerts
|

Related-Key Cryptanalysis of the Full AES-192 and AES-256

Abstract: Abstract. In this paper we present two related-key attacks on the full AES. For AES-256 we show the first key recovery attack that works for all the keys and has 2 99.5 time and data complexity, while the recent attack by Biryukov-Khovratovich-Nikolić works for a weak key class and has much higher complexity. The second attack is the first cryptanalysis of the full AES-192. Both our attacks are boomerang attacks, which are based on the recent idea of finding local collisions in block ciphers and enhanced with … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
4
1

Citation Types

44
318
2

Year Published

2010
2010
2023
2023

Publication Types

Select...
5
3
1

Relationship

2
7

Authors

Journals

citations
Cited by 347 publications
(364 citation statements)
references
References 11 publications
44
318
2
Order By: Relevance
“…Since the original work of Knudsen and Biham, there have been many reported cases of successful related-key cryptanalysis [9,27,7], and notably of the Advanced Encryption Standard (AES) [10,11]. These results led to the consensual view that RKA resilience should be a standard design goal for lowlevel cryptographic primitives such as block ciphers and hash functions.…”
Section: Introductionsupporting
confidence: 42%
See 1 more Smart Citation
“…Since the original work of Knudsen and Biham, there have been many reported cases of successful related-key cryptanalysis [9,27,7], and notably of the Advanced Encryption Standard (AES) [10,11]. These results led to the consensual view that RKA resilience should be a standard design goal for lowlevel cryptographic primitives such as block ciphers and hash functions.…”
Section: Introductionsupporting
confidence: 42%
“…This vulnerability is relevant for practical applications of Feistel constructions, since many important cryptanalytic results such as those presented by Biryukov et al [10,11] can be described as utilizing related keys that are derived by xor-ing the original key with a constant. This in particular permits an attacker to selectively modify the secret key for the output round in a Feistel network and break the security of the construction.…”
Section: Introductionmentioning
confidence: 44%
“…The key relations used in the attacks vary from fixed differences [16] to non-trivial subkey relations [7].…”
Section: Related Workmentioning
confidence: 42%
“…These attacks are independent of the number of rounds the block cipher undergoes. Even AES-192 and AES-256 can be weakened with related-key attacks [28].…”
Section: Introductionmentioning
confidence: 40%