用已知加密演算法AES加密文本123，得到密文xxx，問能否根據密文、加密演算法、原文本123直接推導出密鑰是什麼？

01-03

即有沒有效率高於暴力破解的方法, 。
實際使用中，不會是123這麼簡單的文本，至少是幾十個字元那樣的文本。

有, 但攻擊的時間複雜度仍舊很高

下面引自維基百科

Advanced Encryption Standard

In July 2010 Vincent Rijmen published an ironic paper on "chosen-key-relations-in-the-middle" attacks on AES-128.[26]The first key-recovery attacks on full AES were due to Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger, and were published in 2011.[27] The attack is a biclique attack and is faster than brute force by a factor of about four. It requires 2^126.1 operations to recover an AES-128 key. For AES-192 and AES-256, 2^189.7 and 2^254.4 operations are needed, respectively. This is a very small gain, as a 126-bit key (instead of 128-bits) would still take billions of years. Also, the authors calculate the best attack using their technique on AES with a 128 bit key requires storing 2^88 bits of data. That works out to about 38 trillion terabytes of data, which is more than all the data stored on all the computers on the planet. As such this is a theoretical attack that has no practical implication on AES security.[28]

這種攻擊場景，在密碼學裡，叫做 已知明文攻擊 ( https://en.wikipedia.org/wiki/Known-plaintext_attack）。

已知明文攻擊對 aes 無效（即沒有比暴力窮舉更快的辦法）。

參考：

1. http://crypto.stackexchange.com/questions/3952/is-it-possible-to-obtain-aes-128-key-from-a-known-ciphertext-plaintext-pair

2. http://security.stackexchange.com/questions/5355/compute-the-aes-encryption-key-given-the-plaintext-and-its-ciphertext

可以，這種攻擊手段叫做字典攻擊，為了防止這種攻擊，AES等演算法只是定義了單個塊的加密方式，在實際數據加密過程中，會引入CBC，CTR，CFB等block cipher mode演算法。

樓主所說的這種屬於 Electronic Codebook (ECB)，簡單來說就是每個數據塊獨立加密，不加入任何隨機或者偽隨機數。

用這種加密方式有很大的漏洞，如下圖：

相對安全的Block Cipher Mode有CBC、PCBC、CFB、OFB、CTR等，其關鍵思想就是在加密過程中加入上下文塊相關或者位置相關的鹽。

這方面這篇文章解釋的很清楚 Block cipher mode of operation

文中圖片也基本都來自上述鏈接，我只是拋磚引玉