A New Method for Impossible Differential Cryptanalysis of 8-Round Advanced Encryption Standard

摘要

This paper first presents an impossible differential property for 5-round Advanced Encryption Standard (AES) with high probability. Based on the property and the impossible differential cryptanalytic method for the 5-round AES, a new method is proposed for cryptanalyzing the 8-round AES-192 and AES-256. This attack on the reduced 8-round AES-192 demands 2~(121) words of memory, and performs 2~(148) 8-round AES-192 encryptions. This attack on the reduced 8-round AES-256 demands 2~(153) words of memory, and performs 2~(180) 8-round AES-256 encryptions. Furthermore, both AES-192 and AES-256 require about 2~(98) chosen plaintexts for this attack, and have the same probability that is only 2~(-3) to fail to recover the secret key.