On algebraic and statistical properties of AES-like ciphers

The Advanced Encryption Standard (AES) is nowadays the most widespread block cipher in commercial applications. It represents the state-of-art in block cipher design and provides an unparalleled level of assurance against all known cryptanalytic techniques, except for its reduced versions. Moreover, there is no known efficient way to distinguish it from a set of random permutations. The AES (and other modern block ciphers) presents a highly algebraic structure, which led researchers to exploit it for novel algebraic attacks. These tries have been unsuccessful, except for academic reduced versions. Starting from an intuition by I. Toli, we have developed a mixed algebraic-statistical attack. Using the internal algebraic structure of any AES-like cipher, we build an algebraic setting where a related-key (statistical) distinguishing attack can be mounted. Our data reveals a significant deviation of the full AES-128 from a set of random permutations. Although there are recent successful related-key attacks on the full AES-192 and the full AES-256 (with non-practical complexity), our attack would be the first-ever practical distinguishing attack on the full AES-128 (to the best of our knowledge).