Impossible differential attack on seven-round AES-128

Abstract

A specific class of differential cryptanalytic approach, named as impossible differential attack, has been successfully applied to several symmetric cryptographic primitives in particular encryption schemes such as Advanced Encryption Standard (AES). Such attacks exploit differences that are impossible at some intermediate state of the cipher algorithm. The best-known impossible differential attack against AES-128 has applied to six rounds. An attack on AES-128 up to seven rounds is proposed. The proposed attack requires 2115.5 chosen plaintexts and 2109 bytes of memory and performs 2119 seven-round AES encryptions. This is also the best-known attack on a reduced version of the AES-128 till now. © 2008 The Institution of Engineering and Technology.