CRYPTEREC Cryptography Research and Evaluation Committees
Organization of CRYPTREC
History of CRYPTREC
Technical Report
e-Government Recommended Ciphers List
Specifications of e-Government Recommended Ciphers
Guide to Related Organizations
Security of 128-bit Block Cipher AES
September 12, 2011
CRYPTREC Cryptographic Scheme Committee

AES (Advanced Encryption Standard) is the 128-bit block cipher, which was selected in a competition held by NIST (National Institute of Standards and Technology), was standardized as FIPS PUB 197, and is included in the e-Government Recommeded Ciphers List of Japan. A new cryptanalytic technique against AES was presented in the rump session held in the night of August 16 during CRYPTO 2011 sponsored by IACR (International Association for Cryptologic Research).
The complexities of the single-key cryptanalysis against AES, described in a paper submitted to Cryptology ePrint Archive, are summarized in the following table.

Table: Complexities of Single-Key Cryptanalysis against AES (August, 2011)
AES key length data complexity8 computational complexity9
128-bit 288 2126.18
192-bit 280 2189.74
256-bit 240 2254.42

According to the paper, the computational comlexities of the proposed cryptanalysis to derive the encryption keys10 are slightly smaller than those for the key exhaustive search attack (brute force attack). However, the cryptanalysis is not considered to be realistic, because it requires vast amount of data obtained beforehand11. Survey results on this matter will be published as reports, such as CRYPTREC Report 2012, in the web site of Advisory Board for Cryptographic Technology and this web site (CRYPTREC web site).

4 (August 14-18, 2011; UC Santa Barbara)
8 Unit of the data complexity is a pair of plaintext block and ciphertext block. Both plaintext and ciphertext blocks are 128-bit length.
9 Unit of the computational complexity is the computational cost for one block encryption.
10 The numbers of encryption are 2128, 2192 and 2256 for three key lengths: 128-bit, 192-bit and 256-bit, respectively.
11 The data size required for the brute force attack against 128-bit block cipher with 128-bit key is several peta bytes. Peta means 1015.

If you have any opinion, comment, or inquiry about this topic, please contact us at the following address.
CRYPTREC Secretariat
E-mail :
About this Site Privacy Policy
If you have any comment or inquiry, send it to the following mail address.
Copyright (c) 2005 CRYPTREC.ALL Rights Reserved.