Skip to Main content Skip to Navigation
Conference papers

Faster Chosen-Key Distinguishers on Reduced-Round AES

Abstract : In this paper, we study the AES block cipher in the chosen-key setting. The adversary's goal of this security model is to find triplets (m, m , k) satisfying some properties more efficiently for the AES scheme than generic attacks. It is a restriction of the classical chosen-key model, since as it has been defined originally, differences in the keys are possible. This model is related to the known-key setting, where the adversary receives a key k, and tries to find a pair of messages (m, m) that has some property more efficiently than generic attacks. Both models have been called open-key model in the literature and are interesting for the security of AES-based hash functions. Here, we show that in the chosen-key setting, attacking seven rounds (resp. eight rounds) of AES-128 can be done in time and memory 2 8 (resp. 2 24) while the generic attack would require 2 64 computations as a variant of the birthday paradox can be used to predict the generic complexity. We have checked our results experimentally and we extend them to distinguisers of AES-256.
Document type :
Conference papers
Complete list of metadatas

Cited literature [16 references]  Display  Hide  Download
Contributor : Pierre-Alain Fouque <>
Submitted on : Friday, December 12, 2014 - 10:26:42 AM
Last modification on : Tuesday, September 22, 2020 - 3:49:08 AM
Long-term archiving on: : Friday, March 13, 2015 - 10:31:07 AM


Files produced by the author(s)



Patrick Derbez, Pierre-Alain Fouque, Jérémy Jean. Faster Chosen-Key Distinguishers on Reduced-Round AES. Progress in Cryptology - 2012, Dec 2012, Kolkata, India. pp.19, ⟨10.1007/978-3-642-34931-7_14⟩. ⟨hal-01094335⟩



Record views


Files downloads