[25179] in cryptography@c2.net mail archive
Re: Status of attacks on AES?
daemon@ATHENA.MIT.EDU (John R. Black)
Wed May 10 19:14:30 2006
X-Original-To: cryptography@metzdowd.com
Date: Wed, 10 May 2006 10:01:57 -0600
From: "John R. Black" <John.Black@Colorado.EDU>
To: cryptography@metzdowd.com
In-Reply-To: <01c001c66f8f$b8ac1690$1d137cc8@microsof241b65>
On Thu, May 04, 2006 at 10:30:40AM -0500, Marcos el Ruptor wrote:
>
> http://defectoscopy.com/forum/viewtopic.php?t=3
>
> Expect new attacks soon enough.
>

I skimmed this. The start of the article says that after 3 rounds AES
achieves perfect diffusion?!

A simple square attack (that I teach in class in about 60 mins) recovers
the key of 4-round AES with 256 chosen-plaintexts. The six-round attack
isn't too much harder.

Square (the cipher that preceded Rijndael and is very similar) was 8 rounds
to get past the 6-round attack. During the AES vetting process they went
to 10 rounds for extra assurance (as much as anyone gets assurances from
the black art of blockcipher design).

john//
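
The balance property that the square attack mentioned in the message above builds on, as an added example that is not part of the original post: over 256 plaintexts differing in one byte, every output byte of 3 full AES rounds XORs to zero, and a 4th round destroys that. The function names, the independent random round keys used in place of the AES key schedule, and the use of full rounds (with MixColumns) throughout are assumptions of this example.

```python
import random

def gmul(a, b):
    # Shift-and-add multiplication in GF(2^8), reduced by the AES polynomial.
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def build_sbox():
    # AES S-box: field inverse (0 maps to 0) followed by the affine map.
    box = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv ^ 0x63
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        box.append(s)
    return box

SBOX = build_sbox()

def aes_round(s, rk):
    # SubBytes, ShiftRows, MixColumns, AddRoundKey; byte index is 4*col + row.
    s = [SBOX[b] for b in s]
    s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]
    s = [gmul(2, s[4*c + r]) ^ gmul(3, s[4*c + (r+1) % 4])
         ^ s[4*c + (r+2) % 4] ^ s[4*c + (r+3) % 4]
         for c in range(4) for r in range(4)]
    return [b ^ k for b, k in zip(s, rk)]

def xor_sums(rounds, seed):
    # Encrypt 256 constructed plaintexts that differ only in byte 0 and XOR
    # all outputs together. Assumption: independent random round keys stand
    # in for the AES key schedule; the property holds for any round keys.
    rng = random.Random(seed)
    keys = [[rng.randrange(256) for _ in range(16)] for _ in range(rounds + 1)]
    base = [rng.randrange(256) for _ in range(16)]
    total = [0] * 16
    for v in range(256):
        s = [b ^ k for b, k in zip([v] + base[1:], keys[0])]
        for rk in keys[1:]:
            s = aes_round(s, rk)
        total = [t ^ b for t, b in zip(total, s)]
    return total
```

`xor_sums(3, seed)` is all zeros for every seed, while `xor_sums(4, seed)` is not; an output that were fully diffused after 3 rounds would show no such structure.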