| dbp:cryptanalysis
|
- Attacks have been published that are computationally faster than a full brute-force attack, though none as of 2023 are computationally feasible.
For AES-128, the key can be recovered with a computational complexity of 2126.1 using the biclique attack. For biclique attacks on AES-192 and AES-256, the computational complexities of 2189.7 and 2254.4 respectively apply. Related-key attacks can break AES-256 and AES-192 with complexities 299.5 and 2176 in both time and data, respectively.
Another attack was blogged and released as a preprint in 2009. This attack is against AES-256 that uses only two related keys and 239 time to recover the complete 256-bit key of a 9-round version, or 245 time for a 10-round version with a stronger type of related subkey attack, or 270 time for an 11-round version. (en)
|
_Round_Function.png?width=300)
_Round_Function.png){kind=link}
_Round_Function.png){kind=link}