Improved Key Recovery Attacks on Reduced-Round AES with Practical Data and Memory Complexities
Journal of Cryptology (IF 2.3). Pub Date: 2019-09-26. DOI: 10.1007/s00145-019-09336-w
Achiya Bar-On , Orr Dunkelman , Nathan Keller , Eyal Ronen , Adi Shamir

Determining the security of AES is a central problem in cryptanalysis, but progress in this area has been slow and only a handful of cryptanalytic techniques have led to significant advancements. At Eurocrypt 2017 Grassi et al. presented a novel type of distinguisher for AES-like structures, but so far all the published attacks based on this distinguisher were inferior to previously known attacks in their complexity. In this paper we combine the technique of Grassi et al. with several other techniques in a novel way to obtain the best known key recovery attack on 5-round AES in the single-key model, reducing its overall complexity from about $2^{32}$ to less than $2^{22}$. Extending our techniques to 7-round AES, we obtain the best known attacks on reduced-round AES-192 which use practical amounts of data and memory, breaking the record for such attacks which was obtained in 2000 by the classical Square attack. In addition, we use our techniques to improve the Gilbert–Minier attack (2000) on 7-round AES, reducing its memory complexity from $2^{80}$ to $2^{40}$.
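The abstract speaks of "reduced-round AES" and of the classical Square attack as the 2000 record holder for practical attacks. The following is an added illustration (not code from the paper or its authors) of what those terms mean concretely: a minimal AES-128 in Python whose round count is a parameter, the 3-round integral property (a set of 256 plaintexts varying in one byte yields ciphertexts whose bytes all XOR to zero) that the Square attack builds on, and the 4-round form of that attack recovering one byte of the last round key. The key and plaintext values are constructed for the example; the 5-round distinguisher of Grassi et al. that the paper actually uses is not implemented here.

```python
"""Reduced-round AES-128 and the Square (integral) property.

Added example; not the paper's code. Keys/plaintexts below are constructed.
"""
from functools import reduce
from operator import xor


def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a


def _gmul(a, b):
    """General GF(2^8) multiplication by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r


def _build_sbox():
    """Derive the S-box (inverse in GF(2^8) followed by the affine map) instead of typing a table."""
    sbox = [0] * 256
    for x in range(256):
        inv = 0 if x == 0 else next(b for b in range(1, 256) if _gmul(x, b) == 1)
        s = inv
        for _ in range(4):                      # s = inv ^ rotl1 ^ rotl2 ^ rotl3 ^ rotl4
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            s ^= inv
        sbox[x] = s ^ 0x63
    return sbox


SBOX = _build_sbox()
INV_SBOX = [0] * 256
for _i, _v in enumerate(SBOX):
    INV_SBOX[_v] = _i
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def expand_key(key, rounds):
    """AES-128 key schedule; returns rounds+1 round keys of 16 bytes (rounds <= 10)."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 4 * (rounds + 1)):
        t = list(w[i - 1])
        if i % 4 == 0:                          # RotWord, SubWord, Rcon
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= RCON[i // 4 - 1]
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(rounds + 1)]


# State is 16 bytes in FIPS-197 column-major order: index 4*c + r is row r, column c.
def _sub_bytes(s):
    return [SBOX[b] for b in s]


def _shift_rows(s):
    """Row r is rotated left by r positions: s'[r][c] = s[r][(c + r) mod 4]."""
    return [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]


def _mix_columns(s):
    out = []
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += [_gmul(a0, 2) ^ _gmul(a1, 3) ^ a2 ^ a3,
                a0 ^ _gmul(a1, 2) ^ _gmul(a2, 3) ^ a3,
                a0 ^ a1 ^ _gmul(a2, 2) ^ _gmul(a3, 3),
                _gmul(a0, 3) ^ a1 ^ a2 ^ _gmul(a3, 2)]
    return out


def encrypt(pt, key, rounds=10):
    """AES-128 cut down to `rounds` rounds. As in full AES, the last round omits MixColumns."""
    rk = expand_key(key, rounds)
    s = [p ^ k for p, k in zip(pt, rk[0])]
    for r in range(1, rounds + 1):
        s = _shift_rows(_sub_bytes(s))
        if r < rounds:
            s = _mix_columns(s)
        s = [a ^ k for a, k in zip(s, rk[r])]
    return bytes(s)


def lambda_set(base, active=0):
    """The Square attack's data: 256 plaintexts equal to `base` except byte `active` takes every value."""
    return [bytes(base[:active]) + bytes([v]) + bytes(base[active + 1:]) for v in range(256)]


def is_balanced(cts):
    """Integral property: every byte position XORs to zero over the set. Holds after 3 rounds."""
    return all(reduce(xor, (c[i] for c in cts), 0) == 0 for i in range(16))


def recover_last_key_byte(key, bases, rounds=4, pos=0):
    """4-round Square attack on byte `pos` of the last round key: guess it, peel AddRoundKey and
    SubBytes off that byte, and keep only guesses for which the result is balanced on every set."""
    candidates = set(range(256))
    for base in bases:
        cts = [encrypt(p, key, rounds) for p in lambda_set(base)]
        candidates = {k for k in candidates
                      if reduce(xor, (INV_SBOX[c[pos] ^ k] for c in cts), 0) == 0}
    return candidates


if __name__ == "__main__":
    key = bytes(range(16))                      # constructed demo key
    for r in (3, 4):
        print(r, "rounds balanced:", is_balanced([encrypt(p, key, r) for p in lambda_set(bytes(16))]))
    bases = [bytes([i] * 16) for i in (0x00, 0x5A, 0xA5, 0xFF)]
    print("recovered:", recover_last_key_byte(key, bases), "true:", expand_key(key, 4)[4][0])
```

Each wrong guess passes a single set with probability about $2^{-8}$, so four sets (1024 chosen plaintexts) leave the true byte alone with overwhelming probability; repeating per byte position recovers the whole last round key. This is the practical-data regime the abstract refers to, and the reason the 5-round and 7-round results are measured against it.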

Updated: 2019-09-26