Distinguisher and Related-Key Attack on the Full AES-256

Jack Lloyd lloyd at randombit.net
Fri May 22 11:06:23 EDT 2009


Alex Biryukov, Dmitry Khovratovich, and Ivica Nikolic gave a talk at
the Eurocrypt rump session, 'Distinguisher and Related-Key Attack on
the Full AES-256', with the full paper accepted to Crypto.

Slides from Eurocrypt are here:

http://eurocrypt2009rump.cr.yp.to/410b0c56029d2fa1d686823e3a059af8.pdf

The q-multicollisions attack they describe may be a practical way of
breaking a hash function based on AES. So this could have some
interesting ramifications to SHA-3 candidates which use the AES round
function; I'm not sufficiently familiar with those designs yet for it
to be clear one way or another if they would in fact be vulnerable.

(via zooko's blog)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list