In this paper we construct a chosen-key distinguisher and a related-key attack on the full 256-bit key AES. We define a notion of differential $q$-multicollision and show that for AES-256 $q$-multicollisions can be constructed in time $q\cdot 2^{67}$ and with negligible memory, while we prove that the same task for an ideal cipher of the same block size would require at least $O(q\cdot 2^{\frac{q-1}{q+1}128})$ time. Using a similar approach and with the same complexity we can also construct $q$-pseudo-collisions for AES-256 in Davies-Meyer mode, a scheme which is provably secure in the ideal-cipher model. We have also computed partial $q$-multicollisions in time $q\cdot 2^{37}$ on a PC to verify our results. These results show that AES-256 cannot model an ideal cipher in theoretical constructions. Finally, we extend our results to find the first publicly known attack on the full 14-round AES-256: a related-key distinguisher which works for one out of every $2^{35}$ keys with $2^{120}$ data and time complexity and negligible memory. This distinguisher is translated into a key-recovery attack with total complexity of $2^{131}$ time and $2^{65}$ memory.