A new method for impossible differential cryptanalysis of 8-round advanced encryption standard

This paper first presents an impossible differential property for 5-round Advanced Encryption Standard (AES) with high probability. Based on the property and the impossible differential cryptanalytic method for the 5-round AES, a new method is proposed for cryptanalyzing the 8-round AES-192 and AES-256. This attack on the reduced 8-round AES-192 demands 2121 words of memory, and performs 2148 8-round AES-192 encryptions. This attack on the reduced 8-round AES-256 demands 2153 words of memory, and performs 2180 8-round AES-256 encryptions. Furthermore, both AES-192 and AES-256 require about 298 chosen plain-texts for this attack, and have the same probability that is only 23 to fail to recover the secret key.