Paper and details are not yet public, but Schneier provides a summary:

Basically, if AES-256 is implemented with fewer rounds than the standard
specifies (essentially the number of rounds recommended for AES-128), it
is susceptible to a number of related-key attacks.

I)ruid, CĀ²ISSP

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

Reply via email to