New paper on eprint by Alex Biryukov and Dmitry Khovratovich, "Feasible Attack on the 13-round AES-256"
Abstract: In this note we present the first attack with feasible complexity on the 13-round AES-256. The attack runs in the related-subkey scenario with four related keys, in 2**76 time, data, and memory.

http://eprint.iacr.org/2010/257

I'm not sure that I would consider 2**76 chosen plaintexts to be particularly practical or feasible; even with a 100 gigabits/second channel it would still take centuries to collect that much data. But an interesting result and certainly a reminder to systems designers to be careful in avoiding related keys (for any algorithm).
