Abstract:
Biclique cryptanalysis was proposed by Bogdanov et al. in Asiacrypt 2011 as a new tool
for cryptanalysis of block ciphers. A major hurdle in carrying out biclique cryptanalysis is that it has
a very high query complexity (of the order of 288 for AES-128, 280 for AES-192 and 240 for AES-256).
This naturally puts a big question mark over the practical feasibility of implementing biclique attack in
real world. In this work, we re-evaluate the security of full round AES against biclique cryptanalysis. We
describe an alternate biclique construction with signi cantly reduced query complexity (of the order of 224
for AES-128, 232 for AES-192 and 28 for AES-256) at the expense of a slightly increased computational
cost. In our approach, we use independent biclique technique to launch a chosen ciphertext attack against
AES.
