Abstract
In this work, we compare different faster than brute-force single-key attacks on the full AES in software. Contrary to dedicated hardware implementations, software implementations are more transparent and do not over-optimize a specific type of attack. We have analyzed and implemented a black-box brute-force attack, an optimized brute-force attack and a biclique attack on AES-128. Note that all attacks perform an exhaustive key search but the latter two do not need to recompute the whole cipher for all keys. To provide a fair comparison, we use CPUs with Intel AES-NI since these instructions tend to favor the generic black-box brute-force attack. Nevertheless, we are able to show that on Sandy Bridge the biclique attack on AES-128 is 17% faster, and the optimized brute-force attack is 3% faster than the black-box brute-force attack.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Biryukov, A., Khovratovich, D.: Related-Key Cryptanalysis of the Full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1–18. Springer, Heidelberg (2009)
Bogdanov, A., Kavun, E.B., Paar, C., Rechberger, C., Yalcin, T.: Better than Brute-Force Optimized Hardware Architecture for Efficient Biclique Attacks on AES-128. In: Workshop records of Special-Purpose Hardware for Attacking Cryptographic Systems – SHARCS 2012, pp. 17–34 (2012), http://2012.sharcs.org/record.pdf
Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique Cryptanalysis of the Full AES. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 344–371. Springer, Heidelberg (2011)
Fog, A.: Instruction tables – Lists of instruction latencies, throughputs and micro-operation breakdowns for Intel, AMD and VIA CPUs (2012), http://www.agner.org/optimize/instruction_tables.pdf (accessed September 2, 2012)
Gaj, K.: ATHENa: Automated Tool for Hardware EvaluatioN (2012) , http://cryptography.gmu.edu/athenadb/fpga_hash/table_view (accessed February 1, 2013)
Hellman, M.E.: A cryptanalytic time-memory trade-off. IEEE Transactions on Information Theory 26(4), 401–406 (1980)
Intel Corporation:ntel® Advanced Encryption Standard (AES) Instruction Set, White Paper. Tech. rep., Intel Mobility Group, Israel Development Center, Israel (January 2010)
Intel Corporation: Intel® 64 and IA-32 Architectures Software Developer’s Manual. Intel Corporation (March 2012)
NIST: Specification for the Advanced Encryption Standard (AES). National Institute of Standards and Technology (2001)
Sasaki, Y., Aoki, K.: Finding Preimages in Full MD5 Faster Than Exhaustive Search. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 134–152. Springer, Heidelberg (2009)
SHA-3 Zoo Editors: SHA-3 Hardware Implementations (2012), http://ehash.iaik.tugraz.at/wiki/SHA-3_Hardware_Implementations (accessed February 1, 2013)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gstir, D., Schläffer, M. (2013). Fast Software Encryption Attacks on AES. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds) Progress in Cryptology – AFRICACRYPT 2013. AFRICACRYPT 2013. Lecture Notes in Computer Science, vol 7918. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38553-7_21
Download citation
DOI: https://doi.org/10.1007/978-3-642-38553-7_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38552-0
Online ISBN: 978-3-642-38553-7
eBook Packages: Computer ScienceComputer Science (R0)