Curiously, AES is now being reported as "broken."
http://www.theregister.co.uk/2011/08/19/aes_crypto_attack/
Yet, I'm sure I read earlier that the recovery attack was a few bits
short of the brute force attack. Here it is:
On 18/08/11 1:52 AM, Jack Lloyd wrote:
> http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf
...
> - The first key recovery attack on the full AES-128 with computational
>   complexity 2^126.1
> - The first key recovery attack on the full AES-192 with computational
>   complexity 2^189.7
> - The first key recovery attack on the full AES-256 with computational
>   complexity 2^254.4
> - Attacks with lower complexity on the reduced-round versions of AES not
>   considered before, including an attack on 8-round AES-128 with
>   complexity 2^124.9
> - Preimage attacks on compression functions based on the full AES versions.
Ah, allegedly 2 bits off means broken:
http://forums.theregister.co.uk/post/1151526
<< Broken, in cryptographic circles, means that a means exists
for deducing the encryption key, with certainty, in less than
the 2^n operations (i.e. complete encryption cycles) that a
brute-force attack would require. >>
Therefore, if we lop another 2 bits off, it's twice broken? Or is that
broken-squared? To get down to a computationally reasonable number,
bit-pair by bit-pair, do we need to break it 2^4 times?
Do cryptanalysts really write in such hyper-inflationary terms, leaving
the rest of us to distinguish between English and noise?
> As our attacks are of high
> computational complexity, they do not threaten the practical use of
> AES in any way.
Apparently not. In order to reduce the temptation for bored journos
appealing to News of the World reader expectations, perhaps we can come
up with a way of talking that doesn't trash the ability for the rest of
us to appreciate.
How about rating the bits off the top:
- AES-128 attacked to B1.9
- AES-192 attacked to B2.3
- AES-256 attacked to B1.6
Or? Just lambast whoever misuses the language, like we always do :)
iang