Master thesis

New Representations of the AES Key Schedules

Abstract: In this master thesis we present new representations of the AES key schedules, with some implications for the security of AES-based schemes. In particular, we show that the AES-128 key schedule can be split into four independent parallel computations operating on 32 bits, up to a linear transformation. Surprisingly, this property has not been described in the literature after more than 20 years of analysis of AES. As a consequence, iterating an odd number of key-schedule rounds results in a function with short cycles. This explains an observation of Khairallah on mixFeed, a second-round candidate in the NIST lightweight competition. Our analysis actually shows that his forgery attack on mixFeed succeeds with probability 0.44, completely breaking the scheme. The same observation also leads to a novel attack on ALE, another AES-based AEAD scheme.
Document type: Master thesis
Contributor: Clara Pernot
Submitted on: Tuesday, February 9, 2021 - 10:08:03 AM
Last modification on: Friday, January 21, 2022 - 3:18:54 AM
Long-term archiving on: Monday, May 10, 2021 - 6:23:22 PM


Files produced by the author(s)


  • HAL Id: hal-03135597, version 1



Clara Pernot. New Representations of the AES Key Schedules. Cryptography and Security [cs.CR]. 2020. ⟨hal-03135597⟩


