Welcome to the resource topic for 2009/242
Title:
Examples of differential multicollisions for 13 and 14 rounds of AES-256
Authors: Alex Biryukov, Dmitry Khovratovich, Ivica Nikolić
Abstract:Here we present practical differential q-multicollisions for AES-256, which can be tested on any implementation of AES-256. In our paper “Distinguisher and Related-Key Attack on the Full AES-256” q-multicollisions are found with complexity q\cdot 2^{67}. We relax conditions on the plaintext difference \Delta_P allowing some bytes to vary and find multicollisions for 13 and 14 round AES with complexity q\cdot 2^{37}. Even with the relaxation there is still a large complexity gap between our algorithm and the lower bound that we have proved in Lemma 1. Moreover we believe that in practice finding even two fixed-difference collisions for a good cipher would be very challenging.
ePrint: https://eprint.iacr.org/2009/242
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .