Probabilistic Mixture Differential Cryptanalysis on Round-Reduced AES

Lorenzo Grassi*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review


At Eurocrypt 2017 the first secret-key distinguisher for 5-round AES has been presented. Although it allows to distinguish a random permutation from an AES-like one, it seems (rather) hard to exploit such a distinguisher in order to implement a key-recovery attack different than brute-force like. On the other hand, such result has been exploited to set up a new (competitive) secret-key distinguisher for 4-round AES, called “Mixture Differential Cryptanalysis”. In this paper, we combine this new 4-round distinguisher with a modified version of a truncated differential distinguisher in order to set up a new 5-round distinguisher, that exploits properties which are independent of the secret key, of the details of the S-Box and of the MixColumns matrix. As a result, while a “classical” truncated differential distinguisher exploits the probability that a pair of (two) texts satisfies or not a given differential trail independently of the others pairs, our distinguisher works with sets of (related) pairs of texts. In particular, our new 5-round AES distinguisher exploits the fact that such sets of texts satisfy some properties with a different probability than for a random permutation. Even if such 5-round distinguisher has a higher complexity than e.g. the “multiple-of-8” one present in the literature, it can be used as starting point to set up the first key-recovery attack on 6-round AES that exploits directly a 5-round secret-key distinguisher. The goal of this paper is indeed to present and explore new approaches, showing that even a distinguisher like the one presented at Eurocrypt – believed to be hard to exploit – can be the starting point for new secret-key distinguishers and/or key-recovery attacks.

Original languageEnglish
Title of host publicationSelected Areas in Cryptography – SAC 2019 - 26th International Conference, Revised Selected Papers
EditorsKenneth G. Paterson, Douglas Stebila
Number of pages32
ISBN (Print)9783030384708
Publication statusPublished - 1 Jan 2020
Event26th International Conference on Selected Areas in Cryptography, SAC 2019 - Waterloo, Canada
Duration: 12 Aug 201916 Aug 2019

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11959 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference26th International Conference on Selected Areas in Cryptography, SAC 2019


  • AES
  • Key-recovery attack
  • Mixture differential cryptanalysis
  • Secret-key distinguisher
  • Truncated differential

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'Probabilistic Mixture Differential Cryptanalysis on Round-Reduced AES'. Together they form a unique fingerprint.

Cite this