Some time ago, I read an interesting article of a "successful attack" against AES, the famous symmetric-key algorithm. Raphael C.-W. Phan [1] presented a seven rounds "impossible differential attack" for AES-192 and AES-256. Someone may ask: what kind of attack is this?, well, it is a crypt-analysis that takes advantage of the differences that are impossible to be, in a data block through encryption, in order to discover the key?. Without going into many details of the method used, below I comment some of the most important results of this study.

The attack involves taking pairs of identical texts in all bytes except one and encrypt these texts, then, analyze the data produced at the outputs of each rounds in order to observe the evolution of the information during the encryption process. With this information, a impossible key's probability (or probability 0) can be assigned.

The attack is based on the algorithm outlined in [1], which is used to break AES-192 and AES-256, it consists in 9 steps and focuses on the key expansion system. The algorithm permits to perform certain calculations and assigns probabilities when some sub-keys have been determined. In summary, the author hopes to determine the key in the seventh round with the mathematical model presented in this study, by observing the movements made by the various transformations.

Summarizing the results obtained in [1], for the case of AES-192, 292 plain texts, 2153 memory words and 2186 encryptions were required, in the case of AES-256, 292.5 plain texts, the same memory space 2153 and 2250.5 encryptions were requiered. The Table # 1 shows a comparison between the results presented by [1] and two earlier attacks with fewer rounds.


Table # 1: Comparison of results to attacks on AES [1].


Aside from the process itself, and analyzing the results of this attack, we can see that to break the algorithm, the test has needed 2186 and 2250.5 encryptions for AES-192 and AES-256 respectively. Taking into account that an exhaustive search would have taken 2192 and 2256 for each algorithm respectively, we could say that the attack presented by [1] has been successful.

Now, it is important to clarify that this is an attack on reduced-rounds (7 rounds) and AES may have a key length of 128, 192 or 256 bits for an amount of standard rounds: 10, 12 and 14 respectively. This means that despite the successful attack presented, AES maintains a large margin of safety with respect to this study, because there are 5 rounds of difference (for AES-192), and thus, the decoding complexity of an information packet is increased by applying the number of rounds which is defined by the standard.



  1. Raphael CP. Impossible differential cryptanalysis of 7-round Advanced Encryption Standard (AES). Information Processing Letters (2004) 91: pp. 33-38.




In Part I of the Overview of AES (Advanced Encryption Standard) the most relevant aspects of AES and S-Box was described. Now, we discuss some details of the so-called transformations (ByteSub, ShiftRow, MixColumns and AddRoundKey) and the subkey generation process. To see more details in a more dynamic way the Rijndael Animation application is recommended.



This transformation performs a byte-by-byte substitution in each of the state matrix elements, ie, the state matrix [aij] is replaced by the matrix [Sij], Figure # 1 shows this process. Using Rijndael Animation [1] application, it can be seen as the first byte of the state matrix ([a00]) is divided into two groups of four bits each one and they are used as pointers to the S-Box rows and columns, respectively, for replacement, in Figure # 1 is shown how the value 19 will be replaced by d4.


Figure # 1: S-Box use [1].

The AES (Advanced Encryption Standard) algorithm [1], known as Rijndael, was so-named by its creators Joan Daemen and Vincent Rijmen, it is the current international standard for communications encryption since october 2000. This algorithm is characterized by a symmetric block cipher with variable key length, the default key length is 128 bits but can also be set to 192 or 256 bits.

The symmetric-key cryptography, also called secret key cryptography, is a cryptographic method using the same key to encrypt and decrypt, ie, that the security of the algorithm is based on the key and not in algorithm. Examples of this type of cryptographic algorithms are: AES, DES, 3DES and RC5.