Distinguisher and Related-Key Attack on the Full AES-256
Jack Lloyd
lloyd at randombit.net
Fri May 22 11:06:23 EDT 2009
Alex Biryukov, Dmitry Khovratovich, and Ivica Nikolic gave a talk at
the Eurocrypt rump session, 'Distinguisher and Related-Key Attack on
the Full AES-256', with the full paper accepted to Crypto.
Slides from Eurocrypt are here:
http://eurocrypt2009rump.cr.yp.to/410b0c56029d2fa1d686823e3a059af8.pdf
The q-multicollisions attack they describe may be a practical way of
breaking a hash function based on AES. So this could have some
interesting ramifications to SHA-3 candidates which use the AES round
function; I'm not sufficiently familiar with those designs yet for it
to be clear one way or another if they would in fact be vulnerable.
(via zooko's blog)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list