AES (Advanced Encryption Standard)
is the 128-bit block cipher,
which was selected in a competition held by NIST
(National Institute of Standards and Technology),
was standardized as FIPS PUB 197,
and is included in the e-Government Recommeded Ciphers List of Japan.
A new cryptanalytic technique against AES was presented
in the rump session held in the night of August 16
during CRYPTO 2011 sponsored by IACR
(International Association for Cryptologic Research).
The complexities of the single-key cryptanalysis against AES,
described in a paper submitted to Cryptology ePrint Archive,
are summarized in the following table.
Table: Complexities of Single-Key Cryptanalysis against AES (August, 2011)
|AES key length
According to the paper, the computational comlexities of the proposed
cryptanalysis to derive the encryption keys10
are slightly smaller than those for the key exhaustive search attack
(brute force attack).
However, the cryptanalysis is not considered to be realistic,
because it requires vast amount of data obtained beforehand11.
Survey results on this matter will be published as reports,
such as CRYPTREC Report 2012,
in the web site of Advisory Board for Cryptographic Technology
and this web site (CRYPTREC web site).
4 http://www.iacr.org/conferences/crypto2011/ (August 14-18, 2011; UC Santa Barbara)
8 Unit of the data complexity is a pair of plaintext block and ciphertext block.
Both plaintext and ciphertext blocks are 128-bit length.
9 Unit of the computational complexity is the computational cost for one block encryption.
10 The numbers of encryption are 2128, 2192 and 2256 for three key lengths: 128-bit, 192-bit and 256-bit, respectively.
11 The data size required for the brute force attack against 128-bit block cipher with 128-bit key is several peta bytes.
Peta means 1015.