The subject of this paper is linear and differential cryptanalysis of two rounds of the Advanced Encryption Standard (AES) with estimation of complexity for three-round AES attack. Presented linear attack is based on finding highly probable linear expressions and presented differential attack is based on finding specific bitwise differences. Data complexity of described linear and differential attack is $2^{28}$ and $2^{27}$, respectively, where $8$ bits of subkey are recovered. Minimal complexity of linear attack on three-round AES is bigger than $d\times2^{60}$, where $d$ is a small constant.

Publié le : 2011-01-01
DOI : https://doi.org/10.2478/tatra.v50i3.139

@article{139,
     title = {Linear and differential cryptanalysis of\textasciitilde reduced-round\textasciitilde AES},
     journal = {Tatra Mountains Mathematical Publications},
     volume = {49},
     year = {2011},
     doi = {10.2478/tatra.v50i3.139},
     language = {EN},
     url = {http://dml.mathdoc.fr/item/139}
}

Lacko-Bartošová, Lucia. Linear and differential cryptanalysis of~reduced-round~AES. Tatra Mountains Mathematical Publications, Tome 49 (2011) . doi : 10.2478/tatra.v50i3.139. http://gdmltest.u-ga.fr/item/139/