Re: Status of attacks on AES?

2006-06-12 Thread Travis H.
On 6/8/06, Max [EMAIL PROTECTED] wrote: What they need is just to provide an access to their distinguisher in the form of blackbox. To prove its meaningfulness, the distinguisher must show consistent results in distinguishing AES-encrypted data (say, for a fixed plaintext without repeating

Re: Status of attacks on AES?

2006-06-12 Thread Travis H.
On 6/12/06, Travis H. [EMAIL PROTECTED] wrote: I may be stepping into the crossfire here, but on my reading of their web page, they don't claim to be able to do that. Bleh, my misunderstanding. Forget that I flaunted my ignorance. -- Scientia Est Potentia -- Eppur Si Muove -- Admire the

Re: Status of attacks on AES?

2006-06-09 Thread Max
On 6/8/06, Steven M. Bellovin [EMAIL PROTECTED] wrote: You say you have a method to evaluate ciphers. Without full details, no one can form their own judgment if it's valid or not. (My proposal clearly isn't valid.) You say you've evaluated AES and other ciphers. Without full details, we

Re: Status of attacks on AES?

2006-06-08 Thread Steven M. Bellovin
On Wed, 7 Jun 2006 15:02:35 -0500, Marcos el Ruptor [EMAIL PROTECTED] wrote: Right. But can you explain *why* you strongly believe in it? In the last 10 years it never failed to tell the difference between good and bad ciphers. The only thing that makes it controversial is its ability to

RE: Status of attacks on AES?

2006-06-07 Thread Whyte, William
Good, bad, right, wrong, correct, incorrect, meaningful, meaningless... Who knows? Don't ask us. We are simply trying to contribute something new that we strongly believe in Right. But can you explain *why* you strongly believe in it? William

Re: Status of attacks on AES?

2006-06-07 Thread Marcos el Ruptor
Right. But can you explain *why* you strongly believe in it? In the last 10 years it never failed to tell the difference between good and bad ciphers. The only thing that makes it controversial is its ability to detect flaws in ciphers believed to be strong simply because no attacks against

Re: Status of attacks on AES?

2006-06-06 Thread Steven M. Bellovin
On Sun, 4 Jun 2006 16:52:38 -0500, Marcos el Ruptor [EMAIL PROTECTED] wrote: http://defectoscopy.com/forum/viewtopic.php?t=3 http://defectoscopy.com/results.html and http://defectoscopy.com/background.html Are there any peer-reviewed descriptions of your technique? Right now, all that

RE: Status of attacks on AES?

2006-06-06 Thread Whyte, William
Isn't what you are referring to called secure number of rounds? In other words the number of rounds after which no known attack exists that can break the cipher faster than brute-forcing the key? It looks like I have no choice but to invent a new term, PRF rounds - the number of rounds

Re: Status of attacks on AES?

2006-06-06 Thread Marcos el Ruptor
Can you briefly explain how you determine the PRF rounds value? William Your question belongs in our forums - http://defectoscopy.com/forum/viewforum.php?f=3 where it's already being discussed. Ruptor [Moderator's note: no, actually, if you're going to mention it here, you had better be

Re: Status of attacks on AES?

2006-06-04 Thread Marcos el Ruptor
I skimmed this. The start of the article says that after 3 rounds AES achieves perfect diffusion?! 1. It's complete diffusion, not perfect diffusion. Perfect diffusion is a property meaning something completely different. 2. My post incorrectly stated that cryptographers believed that the AES

Re: Status of attacks on AES?

2006-05-13 Thread Max
On 5/3/06, Joachim Strombergson [EMAIL PROTECTED] wrote: Just out of curiosity I tried to Google around for recent papers on attacks against AES/Rijndael. I found the usual suspects with XLS attacks and DJBs timing attack. But what is the current status of attacks, anything new and exciting?

Re: Status of attacks on AES?

2006-05-11 Thread Taral
On 5/10/06, John R. Black [EMAIL PROTECTED] wrote: I skimmed this. The start of the article says that after 3 rounds AES achieves perfect diffusion?! No, it says their old ASD could not distinguish encrypted data from random after 3 rounds. -- Taral [EMAIL PROTECTED] You can't prove

Re: Status of attacks on AES?

2006-05-11 Thread Marcos el Ruptor
On Wed, 10 May 2006 10:01:57 -0600, John R. Black wrote On Thu, May 04, 2006 at 10:30:40AM -0500, Marcos el Ruptor wrote: http://defectoscopy.com/forum/viewtopic.php?t=3 Expect new attacks soon enough. I skimmed this. The start of the article says that after 3 rounds AES

Re: Status of attacks on AES?

2006-05-11 Thread John R. Black
On 5/10/06, John R. Black [EMAIL PROTECTED] wrote: I skimmed this. The start of the article says that after 3 rounds AES achieves perfect diffusion?! No, it says their old ASD could not distinguish encrypted data from random after 3 rounds. -- Taral [EMAIL PROTECTED] You can't prove

Re: Status of attacks on AES?

2006-05-10 Thread John R. Black
On Thu, May 04, 2006 at 10:30:40AM -0500, Marcos el Ruptor wrote: http://defectoscopy.com/forum/viewtopic.php?t=3 Expect new attacks soon enough. I skimmed this. The start of the article says that after 3 rounds AES achieves perfect diffusion?! A simple square attack (that I teach in

Re: Status of attacks on AES?

2006-05-05 Thread Elisabeth Oswald
Hi, if current status refers to the latest published papers then you can find a short overview over the best known attacks on http://www.iaik.tugraz.at/research/krypto/AES/index.php Elisabeth Joachim Strombergson schrieb: Aloha! Just out of curiosity I tried to Google around for recent

Status of attacks on AES?

2006-05-04 Thread Joachim Strombergson
Aloha! Just out of curiosity I tried to Google around for recent papers on attacks against AES/Rijndael. I found the usual suspects with XLS attacks and DJBs timing attack. But what is the current status of attacks, anything new and exciting? -- Med vänlig hälsning, Cheers! Joachim

Re: Status of attacks on AES?

2006-05-04 Thread Marcos el Ruptor
Aloha! Just out of curiosity I tried to Google around for recent papers on attacks against AES/Rijndael. I found the usual suspects with XLS attacks and DJBs timing attack. But what is the current status of attacks, anything new and exciting? http://defectoscopy.com/forum/viewtopic.php?t=3