International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: The Exchange Attack: How to Distinguish Six Rounds of AES with $2^{88.2}$Chosen Plaintexts

Authors:
Navid Ghaedi Bardeh
Sondre Rønjom
Download:
DOI: 10.1007/978-3-030-34618-8_12
Search ePrint
Search Google
Abstract: In this paper we present exchange-equivalence attacks which is a new cryptanalytic attack technique suitable for SPN-like block cipher designs. Our new technique results in the first secret-key chosen plaintext distinguisher for 6-round AES. The complexity of the distinguisher is about $$2^{88.2}$$ in terms of data, memory and computational complexity. The distinguishing attack for AES reduced to six rounds is a straight-forward extension of an exchange attack for 5-round AES that requires $$2^{30}$$ in terms of chosen plaintexts and computation. This is also a new record for AES reduced to five rounds. The main result of this paper is that AES up to at least six rounds is biased when restricted to exchange-invariant sets of plaintexts.
BibTeX
@article{asiacrypt-2019-30066,
  title={The Exchange Attack: How to Distinguish Six Rounds of AES with $$2^{88.2}$$Chosen Plaintexts},
  booktitle={Advances in Cryptology – ASIACRYPT 2019},
  series={Advances in Cryptology – ASIACRYPT 2019},
  publisher={Springer},
  volume={11923},
  pages={347-370},
  doi={10.1007/978-3-030-34618-8_12},
  author={Navid Ghaedi Bardeh and Sondre Rønjom},
  year=2019
}