Low Data Complexity Attacks on AES

The majority of current attacks on reduced-round variants of block ciphers seeks to maximize the number of rounds that can be broken, using less data than the entire codebook and less time than exhaustive key search. In this paper, the authors pursue a different approach, restricting the data available to the adversary to a few plaintext/ciphertext pairs. They show that consideration of such attacks (which received little attention in recent years) serves an important role in assessing the security of block ciphers and of other cryptographic primitives based on block ciphers.