Impossible differential cryptanalysis of advanced encryption standard

Impossible differential cryptanalysis is a method recovering secret key, which gets rid of the keys that satisfy impossible differential relations. This paper concentrates on the impossible differential cryptanalysis of Advanced Encryption Standard (AES) and presents two methods for impossible differential cryptanalysis of 7-round AES-192 and 8-round AES-256 combined with time-memory trade-off by exploiting weaknesses in their key schedule. This attack on the reduced to 7-round AES-192 requires about 294.5 chosen plaintexts, demands 2129 words of memory, and performs 2157 7-round AES-192 encryptions. Furthermore, this attack on the reduced to 8-round AES-256 requires about 2101 chosen plaintexts, demands 2201 words of memory, and performs 2228 8-round AES-256 encryptions.

Impossible differential cryptanalysis of Advanced Encryption Standard

Impossible differential cryptanalysis is a method recovering secret key, which gets rid of the keys that satisfy impossible differential relations. This paper concentrates on the impossible differential cryptanalysis of Advanced Encryption Standard (AES) and presents two methods for impossible differential cryptanalysis of 7-round AES-192 and 8-round AES-256 combined with time-memory trade-off by exploiting weaknesses in their key schedule. This attack on the reduced to 7-round AES-192 requires about 294.5 chosen plaintexts, demands 2129 words of memory, and performs 2157 7-round AES-192 encryptions. Furthermore, this attack on the reduced to 8-round AES-256 requires about 2101 chosen plaintexts, demands 2201 words of memory, and performs 2228 8-round AES-256 encryptions.