Abstract
In this work, we compare different faster-than-brute-force single-key attacks on the full AES in software. Unlike dedicated hardware implementations, software implementations are more transparent and do not over-optimize for one specific type of attack. We have analyzed and implemented a black-box brute-force attack, an optimized brute-force attack and a biclique attack on AES-128. Note that all three attacks perform an exhaustive key search, but the latter two do not need to recompute the whole cipher for every key. To provide a fair comparison, we use CPUs with Intel AES-NI, since these instructions tend to favor the generic black-box brute-force attack. Nevertheless, we are able to show that on Sandy Bridge the biclique attack on AES-128 is 17% faster, and the optimized brute-force attack is 3% faster, than the black-box brute-force attack.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Gstir, D., Schläffer, M. (2013). Fast Software Encryption Attacks on AES. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds) Progress in Cryptology – AFRICACRYPT 2013. AFRICACRYPT 2013. Lecture Notes in Computer Science, vol 7918. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38553-7_21
DOI: https://doi.org/10.1007/978-3-642-38553-7_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38552-0
Online ISBN: 978-3-642-38553-7