There are lots of attacks which are on reduced block ciphers. There are practical attack on five rounds of AES-128five rounds aes broken in six minutes. I was just wondering if there is any practical application of reduced rounds of AES where less than 10 rounds are used.
6
- 1$\begingroup$ Why there should be, that will be non-standard and insecure. AES quite fast and can be found in some hardware, too. $\endgroup$kelalaka– kelalaka2020-02-20 06:26:09 +00:00Commented Feb 20, 2020 at 6:26
- $\begingroup$ 4 rounds of AES make a good 128-bit mixing function $\endgroup$Richie Frame– Richie Frame2020-02-20 07:59:42 +00:00Commented Feb 20, 2020 at 7:59
- $\begingroup$ Reduced rounds version of AES (or other cryptographic primitives) are usually used to mount a practical attack and show research results. Of course the complexity of the attack makes it infeasible on the full AES $\endgroup$ddddavidee– ddddavidee2020-02-20 08:14:40 +00:00Commented Feb 20, 2020 at 8:14
- $\begingroup$ I didn't watch the video yet, but maybe a reduced round AES is mentioned in Jean-Philippe Aumasson's talk "Too much crypto" at this year's Real World Crypto. You can watch it by following "The link for live streaming" on rwc.iacr.org/2020/program.html and then scrolling down in the left window "Program" to "Symmetric Cryptography II" and click it. $\endgroup$j.p.– j.p.2020-02-20 08:20:50 +00:00Commented Feb 20, 2020 at 8:20
- $\begingroup$ @kelalaka i just wanted to know if there is any use of less round aes. $\endgroup$Radium– Radium2020-02-20 10:08:35 +00:00Commented Feb 20, 2020 at 10:08
| Show 1 more comment
1 Answer
$\begingroup$ $\endgroup$
There is not much use for reduced-round AES as a block cipher per se. AES has been carefully designed to provide appropriate security margins and 20 years of cryptanalysis show that they are just right - reducing the number of rounds would make it potentially susceptible to attacks.
On the other hand, the single round function is a very useful transformation that provides good mixing and other provable properties. Moreover, widespread hardware support for the round function (like AES-NI instructions and similar) makes it attractive from the performance point of view.
A good example is a lightweight hash Haraka designed for short-input hashing that uses AES round function.
