Alex Biryukov, Dmitry Khovratovich, and Ivica Nikolic gave a talk at the Eurocrypt rump session, 'Distinguisher and Related-Key Attack on the Full AES-256', with the full paper accepted to Crypto.
Slides from Eurocrypt are here: http://eurocrypt2009rump.cr.yp.to/410b0c56029d2fa1d686823e3a059af8.pdf The q-multicollisions attack they describe may be a practical way of breaking a hash function based on AES. So this could have some interesting ramifications to SHA-3 candidates which use the AES round function; I'm not sufficiently familiar with those designs yet for it to be clear one way or another if they would in fact be vulnerable. (via zooko's blog) --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com