In meet-in-the-middle (MITM) attacks, the sizes of the precomputation tables determine the effectiveness. In this paper, value constraints are presented to reduce the size of the precomputation table in MITM attacks on AES. Based on a differential property of linear combinations of multiple S-boxes, value constraints related to input or output in four and five rounds of AES are explored. Meanwhile, with these value constraints, a method of setting up non-linear equations is proposed to reduce the sizes of the precomputation tables by decreasing the number of byte parameters. Compared with the existing results, their sizes can be reduced by \(2^8\), \(2^{16}\), or \(2^{24}\). Finally, some attacks are improved with lower time and memory complexities.

在中间相遇（MITM）攻击中，预计算表的大小决定了有效性。本文提出了值约束来减少 AES 的 MITM 攻击中预计算表的大小。基于多个S盒线性组合的微分性质，探索了四轮和五轮AES中与输入或输出相关的值约束。同时，在这些值约束下，提出了一种建立非线性方程的方法，通过减少字节参数的数量来减小预计算表的大小。与现有结果相比，它们的大小可以减少\(2^8\)、\(2^{16}\)或\(2^{24}\)。最后，一些攻击得到了改进，降低了时间和内存复杂度。