Skip to Main Content
ARIA is a new block cipher designed as the block cipher standard of South Korea. The current version is 1.0, which is an improvement of version 0.8 with the security using four kinds of S-boxes instead of two and an additional two rounds of encryptions. These improvements are designed to prevent the dedicated linear attack on ARIA version 0.8 by the four different kinds of S-boxes. This paper presents 12 linear approximations of a single round function that succeeds in attacking ARIA version 1.0 on 7, 9, or 9 rounds for key sizes of 128, 192, or 256 bits using any of these approximations. The corresponding data complexities are 2 87, 2119, and 2 119, the counting complexities are 1.5 × 288, 2119, and 2 119, the memory required for each attack on all three key versions is 2 64 bits and there are 12 weak key classes. These results are similar to the dedicated linear attack on ARIA version 0.8 and show that the improved version can also not effectively resist this type of attack.