Weak-Key Distinguishers for AES

Lorenzo Grassi*, Gregor Leander, Christian Rechberger, Cihangir Tezcan, Friedrich Wiemer

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review


In this paper, we analyze the security of AES in the case in which the whitening key is a weak key. After a systematization of the classes of weak-keys of AES, we perform an extensive analysis of weak-key distinguishers (in the single-key setting) for AES instantiated with the original key-schedule and with the new key-schedule proposed at ToSC/FSE’18. As one of the main results, we show that (almost) all the secret-key distinguishers for round-reduced AES currently present in the literature can be set up for a higher number of rounds of AES if the whitening key is a weak-key. Using these results as starting point, we describe a property for 9-round AES-128 and 12-round AES-256 in the chosen-key setting with complexity 264 without requiring related keys. These new chosen-key distinguishers – set up by exploiting a variant of the multiple-of-8 property introduced at Eurocrypt’17 – improve all the AES chosen-key distinguishers in the single-key setting. The entire analysis has been performed using a new framework that we introduce here – called “weak-key subspace trails”, which is obtained by combining invariant subspaces (Crypto’11) and subspace trails (FSE’17) into a new, more powerful, attack.

Original languageEnglish
Title of host publicationSelected Areas in Cryptography - 27th International Conference, 2020, Revised Selected Papers
EditorsOrr Dunkelman, Michael J. Jacobson, Jr., Colin O’Flynn
PublisherSpringer Science and Business Media Deutschland GmbH
Number of pages30
ISBN (Print)9783030816513
Publication statusPublished - 2021
Event27th International Conference on Selected Areas in Cryptography, SAC 2020 - Virtual, Online
Duration: 21 Oct 202023 Oct 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12804 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference27th International Conference on Selected Areas in Cryptography, SAC 2020
CityVirtual, Online


  • AES
  • Chosen-key distinguisher
  • Key schedule
  • Weak-keys

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'Weak-Key Distinguishers for AES'. Together they form a unique fingerprint.

Cite this