The effects of the omission of last round's MixColumns on AES

Orr Dunkelman, Nathan Keller

Research output: Contribution to journalArticlepeer-review

29 Scopus citations


The Advanced Encryption Standard (AES) is the most widely deployed block cipher. It follows the modern iterated block cipher approach, iterating a simple round function multiple times. The last round of AES slightly differs from the others, as a linear mixing operation (called MixColumns) is omitted from it. Following a statement of the designers, it is widely believed that the omission of the last round MixColumns has no security implications. As a result, the majority of attacks on reduced-round variants of AES assume that the last round of the reduced-round version is free of the MixColumns operation. In this letter we challenge this belief, showing evidence that the omission of MixColumns affects the security of (reduced-round) AES. First, we consider a simple example of 1-round AES, where we show that the omission reduces the time complexity of an attack with a single known plaintext from 248 to 216. Then, we examine several previously known attacks on 7-round AES-192 and show that the omission reduces their time complexities by a factor of 216.

Original languageEnglish
Pages (from-to)304-308
Number of pages5
JournalInformation Processing Letters
Issue number8-9
StatePublished - 1 Apr 2010
Externally publishedYes

Bibliographical note

Funding Information:
The second author was partially supported by the Koshland center for basic research.


  • AES
  • Cryptography
  • Impossible differential cryptanalysis
  • MixColumns


Dive into the research topics of 'The effects of the omission of last round's MixColumns on AES'. Together they form a unique fingerprint.

Cite this