Abstract: The Square-6 attack was once thought to be one of the most effective attacks against the AES algorithm Rijndael of six rounds. It was performed with a time complexity of 2⁷² by means of applying a Square-5 attack to a Λ set that contains an active byte. The Λ set was constructed by guessing four bytes of the initial round key. We point out in this paper that no proper Λ set can be built in the Square-6 attack and therefore the overall attack will fail without doubt. Based on the technique of the partial sums, a correctional Square-6 attack independent of the initial round key is described. The time complexity of the correctional attack is 2⁵⁰.

Key words: Rijndael, Λ-set, square attack, partial sum