Meet-in-the-Middle Attack on 8 Rounds of the AES Block Cipher under 192 Key Bits

The AES block cipher has a 128-bit block length and a user key of 128, 192 or 256 bits, released by NIST for data encryption in the USA; it is an ISO international standard. In 2008, Demirci and Selçuk gave a meet-in-the-middle attack on 7-round AES under 192 key bits. In 2009, Demirci et al. (incorrectly) described a new meet-in-the-middle attack on 7-round AES under 192 key bits. Recently, Dunkelman et al. described an attack on 8-round AES under 192 key bits by taking advantage of the early abort technique and several other observations, including one about the key schedule. In this paper, we show that by exploiting a simple observation on the key schedule, a meet-in-the-middle attack on 8-round AES under 192 key bits can be obtained from Demirci and Selçuk’s and Demirci et al.’s work; and a more efficient attack can be obtained when taking into account Dunkelman et al.’s observation on the key schedule. In the single-key attack scenario, attacking 8 rounds is the best currently known cryptanalytic result for AES in terms of the numbers of attacked rounds, and our attack has a practical data complexity when compared with the currently known attacks on 8-round AES under 192 key bits.