Distributed AES Analysis

Demo attacking AES with distributed computing


Here you can crack AES either alone on your computer, or distributed as a team of many clients who connect their browsers ad-hoc over the internet (assuming, the key is partly known).

AES is the most common and the best of the modern symmetric encryption methods. It is available as NIST standard free of license1. AES has a fixed block length for the message (128 bits) and a variable key length (the key length can take one of the three values: 128, 192, or 256 bits).

You can start immediately using the sample secret text shown in the filed "Your ciphertext", because all fields and settings are preset accordingly. Of course, you can also enter another secret text, change the parameters, or select one of the other two variants (tab 2 or 3): Below tab 2 you can define a job, others can help to compute. Below tab 3 you can make the resources of your computer available to help calculate someone else's job. How AES works can be seen in detail with Highlights > AES (step-by-step).


  1. Enter the ciphertext in hexadecimal encoding as full 128-bit blocks (the preset ciphertext consists of 640 hex characters = 2560 bit = 20 full AES blocks).
  2. Select key length: 128, 192, or 256 bits.
  3. Enter the key in hex:
    • Enter known digits as hex chars (A-F, 0-9).
    • Mark unknown hex digits wit a star (*).
    • One hex digit correlates with 4 bit. 128 bit correspond to 32 hex digits.
  4. The more * are specified, the longer the analysis takes.
    • 4 stars represent a search space of 16 bit = 216 = 65536 (5 stars = 20 bit = 1,048,576).
    • Sample: During the testphase beginning 2017, 15 worker threads exhausted a searchspace of 16 bit on a modern laptop in 1:48 min which means a throughput of 605 keys / sec. On a workstation with 31 workers the same search space was exhausted in 0:34 min (throughput 1915 keys / sec).
  5. You can get further information in an overlay windows when clicking on the symbol i (behind key input field).

3 Variants: Selection via Tab

In the following paragraphs three possibilities are explained how you can use the distributed AES analysis. Therefore, the plugin offers three tab at the top.

1. Perform the whole job locally (Tab 1)

  1. Either start at once by clicking the button "Start attack locally", or change settings.
  2. Options / settings:
    1. Select mode (ECB or CBC)
    2. Set the maximum number of bytes to be decrypted per key during the analysis
    3. Set the number of parallel running local threads (workers)
  3. After performing the local attack, the best result is presented in an overlay window. Via a click on the button "Show result list", you can have a look at the ca. 20 best results in the lower part of the window.

2. Define (and execute) a job (Tab 2)

  1. Assign a job nameB (name length >= 4)
  2. Link to a groupB
    1. There is immediately a connection message.
    2. The button "Create job" is activated.
  3. Click on "Create job"
    1. You get a message from the server about the newly created job.
    2. The server message is sent to all connected clients.
    3. The button "Start attack with connected clients" is activated.
  4. Click on "Start attack with connected clients"
    1. The calculation is started
      • If no further clients are connected, the orderer has to perform the job alone.
      • Under "Local job" the computed jobs are incremented.
    2. You can wait till further clients connect (see the "Number of connected clients")(the creator of the job counts as the first connected client).
  5. The results are exchanged between the clients.A
  6. After performing the whole attack, the best result is presented in an overlay window. Via a click on the button "Show result list", you can have a look at the ca. 20 best results in the lower part of the window.

3. Offer own resources for other jobs / Help (Tab 3)

  1. Either select a special job according to its name, or a group (with all its jobs) in general.
    The server already defined 9 groups /crypt1 to /crypt9. Selecting a group means to support all jobs within a which are not yet executed.
  2. Optionally, you may change the number of parallel running thread threads (workers) offered.
  3. As a helper client, you can only wait for the job creator to execute the start signal.
  4. Results are exchanged with the job creator.A
  5. Closing the browser window or browser tab or reloading the site will disconnect you.


  • "Mode": Electronic Codebook (ECB)2 or Cipher Block Chaining (CBC)3
  • "Bytes to decrypt per key": For each key in the search space, the selected number of bytes (starting from the beginning of the given ciphertext) are decrypted. With 64 bytes, this is 128 hex digits.
  • "Number of workers (local threads)": There will be x light weight parallel running processes created for the analysis. The analysis is distributed locally to these workers.N
    The "x" is calculated in the following way:
    • For jobs created by your own, per default 2*n - 1 workers are started (given n core). This means all possible workers besides one.
    • For jobs created by others, where you want to help, per default half of the possible number of workers are started (with n cores this means n workers).

Showing the results

For all three variants the best result displayed in a modal overlay window after the analysis.

In addition, after finishing an analysis, the button "Show result list" button will be activated which allows to present a list with the maximum 20 best results. Furthermore, the results can be filtered by words or with a space. Several words are typically separated by a space. If you afterwards click the button "Hide result list", the result list is retracked again.

Information about the preset sample

  1. The decrypted sample text is:
    "CrypTool-Online is the online version of the free e-learning program CrypTool. While CrypTool-Online is primarily designed to study the basics of classical numerals, the download version of CrypTool is also suitable for processing longer texts and performing high-performance analyzes on encrypted messages.øé"
  2. From this, in the result list, given 96 is selected as the number of bytes to decrypt, there will be shown:
    "CrypTool-Online is the online version of the free e-learning program CrypTool. While CrypTool-On"
  3. In the correct key, the first two "*" have to be replaced with "BB", the next two with "AA".
  4. Search and filter terms for the input mask could be, for example: "is from program hile".
  5. The result list contains to each entry an evaluation number. In our sample, the best result has the value 188,619; the 17th best result has the value 24,265. The calculation uses the entropy4: Instead of a relative letter frequency an absolute letter frequency is used which causes higher values and bigger differences between the different results.


  • As ciphertext, only hexadecimal digits are processed.
    Other formats will not result in a meaningful plaintext.
  • A correct and complete cipher (as many complete blocks) must be specified.
  • There will be no padding, so you always have to enter complete AES data blocks.
  • The ciphertext entered has to be correct and complete (arbitrary many blocks, but each one full).
    You can create a ciphertext by your own, for instance with the plugin Highlights > AES (step-by-step).

  • You can see a visual animation of the AES algorithm: Highlights > AES Animation.

  • A Automatic actualization: Due to different devices and different number of workers, the exchange may be a bit delayed.
  • B Required fields are marked in the plugin with a * (asterisk).
  • N Cannot be changed during a running analysis.
  • This plugin was developed during a bachelor thesis in the faculty of computer science at the university of Siegen5.


1 AES, https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
2 Electronic Code Book mode, https://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29
3 Cipher Block Chaining mode, https://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_Block_Chaining_.28CBC.29
4 Entropie (Informationstheorie), https://en.wikipedia.org/wiki/Entropy_(information_theory)
5 Bachelor thesis by David Kuche: "Kryptologie im Browser – Anwendungen am Beispiel CrypTool-Online", April 2017, University of Siegen