Improved “Partial Sums”-based Square Attack on AES

Michael Tunstall


The Square attack as a means of attacking reduced round variants of AES was described in the initial description of the Rijndael block cipher. This attack can be applied to AES, with a relatively small number of chosen plaintext-ciphertext pairs, reduced to less than six rounds in the case of AES-128 and seven rounds otherwise and several extensions to this attack have been described in the literature. In this paper we describe new variants of these attacks that have a smaller time complexity than those present in the literature. Specifically, we demonstrate that the quantity of chosen plaintext-ciphertext pairs can be halved producing the same reduction in the time complexity. We also demonstrate that the time complexity can be halved again for attacks applied to AES-128 and reduced by a smaller factor for attacks applied to AES-192. This is achieved by eliminating hypotheses on-the-fly when bytes in consecutive subkeys are related because of the key schedule.


  1. Bahrak, B. and Aref, M. R. (2008). Impossible differential attack on seven-round AES-128. IET Information Security Journal, 2(2):28-32.
  2. Biham, E. and Keller, N. (1999). Cryptanalysis of reduced variants of Rijndael. unpublished. ebiham.pdf.
  3. Bogdanov, A., Khovratovich, D., and Rechberger, C. (2011). Biclique cryptanalysis of the full AES. In Lee, D. H. and Wang, X., editors, ASIACRYPT 2011, volume 7073 of LNCS, pages 344-371. Springer.
  4. Daemen, J., Knudsen, L., and Rijmen, V. (1997). The block cipher Square. In Biham, E., editor, FSE 7897 , volume 1267 of LNCS, pages 149-165. Springer.
  5. Daemen, J. and Rijmen, V. (1998). AES proposal: Rijndael. In AES Round 1 Technical Evaluation CD-1: Documentation. NIST.
  6. Dunkelman, O. and Keller, N. (2010). The effects of the omission of last round's MixColumns on AES. Information Processing Letters, 110(8-9):304-308.
  7. Ferguson, N., Kelsey, J., Lucks, S., Schneier, B., Stay, M., Wagner, D., and Whiting, D. (2001). Improved cryptanalysis of Rijndael. In Schneier, B., editor, FSE 2000, volume 1978 of LNCS, pages 213-230. Springer.
  8. FIPS PUB 197 (2001). Advanced encryption standard (AES). Federal Information Processing Standards Publication 197, National Institute of Standards and Technology (NIST), Gaithersburg, MD, USA.
  9. Lu, J., Dunkelman, O., Keller, N., and Kim, J. (2008). New impossible differential attacks on AES. In Chowdhury, D. R., Rijmen, V., and Das, A., editors, INDOCRYPT 2008, volume 5365 of LNCS, pages 279- 293. Springer.
  10. Lucks, S. (2000). Attacking seven rounds of Rijndael under 196-bit and 256-bit keys. In AES Candidate Conference 2000. conf.htm.
  11. Mangard, S., Oswald, E., and Popp, T. (2007). Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer-Verlag.
  12. Zhang, W., Wu, W., and Feng, D. (2007). New results on impossible differential cryptanalysis of reduced AES. In Nam, K.-H. and Rhee, G., editors, ICISC 2007, volume 4817 of LNCS, pages 239-250. Springer.

Paper Citation

in Harvard Style

Tunstall M. (2012). Improved “Partial Sums”-based Square Attack on AES . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 25-34. DOI: 10.5220/0003990300250034

in Bibtex Style

author={Michael Tunstall},
title={Improved “Partial Sums”-based Square Attack on AES},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},

in EndNote Style

JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Improved “Partial Sums”-based Square Attack on AES
SN - 978-989-8565-24-2
AU - Tunstall M.
PY - 2012
SP - 25
EP - 34
DO - 10.5220/0003990300250034