
Suppose that the key generation is insecure; each key bit is independently generated, but the value of each key bit is '$1$' with probability $0.90$. These keys are used in AES. What is an efficient attack against these weak keys?

The only thing I know is that a randomly chosen key has a lot of $1$s. But from this I don't know how to continue. Can someone give some hint on how to continue?

I have read here but I don't understand.

Idonknow

1 Answer

You could do a brute force attack where you simply try the keys with highest Hamming weight first (those with the most ones). I am not sure if you would call this attack practical but at least it would be much more likely to succeed quickly than brute force when the key is selected uniformly at random.

Just consider the key of all ones, and assume we are using AES with 128-bit keys. The probability of picking this key is $0.9^{128} \approx 10^{-6}$. One in a million may not sound very good but in contrast with uniformly random keys the probability would be $0.5^{128} \approx 10^{-39}$. The probability of picking one of the 128 keys with just a single 0 in it would be even better. So you might not have to search very many keys to be likely to find the right one.

Guut Boy
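The search order from the answer above, worked through as an added example (not code from the question or the answer): it counts how many keys a highest-Hamming-weight-first search tries before reaching a given success probability, which is the effective strength such a biased generator leaves. The function names are illustrative, and the ordering is only probability-descending when the bias toward 1 is at least 0.5.

```python
from itertools import combinations
from math import comb, log2


def keys_needed(n_bits, p_one, target):
    """Try keys class by class, fewest zero bits first.

    Returns (zeros, keys_tried, success_prob) for the first Hamming-weight
    class at which the cumulative success probability reaches `target`.
    Assumes independent bits and p_one >= 0.5.
    """
    tried, success = 0, 0.0
    for zeros in range(n_bits + 1):
        count = comb(n_bits, zeros)  # keys with exactly `zeros` zero bits
        per_key = p_one ** (n_bits - zeros) * (1 - p_one) ** zeros
        tried += count
        success += count * per_key
        if success >= target:
            break
    return zeros, tried, success


def candidate_keys(n_bits):
    """Yield keys as integers in the same order: most ones first."""
    all_ones = (1 << n_bits) - 1
    for zeros in range(n_bits + 1):
        for positions in combinations(range(n_bits), zeros):
            key = all_ones
            for pos in positions:
                key &= ~(1 << pos)  # clear the chosen bit positions
            yield key


if __name__ == "__main__":
    for p in (0.9, 0.5):  # biased generator vs. uniform keys
        for target in (0.01, 0.5, 0.99):
            zeros, tried, success = keys_needed(128, p, target)
            print(f"p={p} target={target}: up to {zeros} zero bits, "
                  f"about 2^{log2(tried):.1f} keys, success {success:.3f}")
```

For the 0.9 bias the 50% point lands at about 12 or 13 zero bits (the expected number of zeros is 12.8), far fewer keys than the more than $2^{127}$ needed for uniformly random 128-bit keys.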