The Square attack, first discovered on the block cipher Square, is a structural attack. It targets strange structural properties that persist across rounds of encryption in block ciphers.

There are no known "efficient" attacks on full AES. This means that if you want to break the 10 rounds of AES-128, you will probably have to do a brute-force attack (or something close to that). The observation behind the Square attack only persists for 3 rounds in AES-128. By extension, we will see how we can break 4, 5 and even 6 rounds of AES. Breaking 4 rounds will be "easy" while we will only explain the science behind breaking 5 and 6 rounds of AES as they require too much computing power to present a simple coding challenge.

For this set, you will need a good understanding and an implementation of AES. If you're missing one or both of these requirements, I advise you to check the Set 1 on AES first.

A persistent structure over 3 rounds

Imagine a set of 256 plaintexts. All filled with 0s.

Attacking 4 rounds with the Square attack

Remember what happened to our Λ-set after we've reached the end of 3 rounds

Reversing AES' Key Schedule

Now that we have obtained the last round key of our 3-round AES instance, we need to finish the job and reverse the key schedule to obtain the main key.

Attacking 5 rounds with the Square attack

Now that we've broken 4-round AES, let's try and see what we can do if we add an extra round at the end to make it a 5-round AES.

Attacking 6 rounds with the Square attack

We can also gain a round in the very beginning, we need to guess 4 key byte of the first subkey to create a delta set AFTER the first round.

You are done! Congratulation, you now know about one attack on block cipher. It's a structural attack. Stay tuned for more block cipher cryptanalysis.