A Fault Attack Construction Based On Rijmen's Chosen-Text Relations Attack

David Wagner daw at cs.berkeley.edu
Wed Jul 21 14:49:04 EDT 2010


Alfonso De Gregorio wrote:
> The last Thursday, Vincent Rijmen announced a new clever attack on   
> AES (and KASUMI) in a report posted to the Cryptology ePrint   
> Archive: Practical-Titled Attack on AES-128 Using Chosen-Text   
> Relations, http://eprint.iacr.org/2010/337

Jonathan Katz wrote:
> Err...I read that paper by Rijmen as a bit of a joke. I think he was
> poking fun at some of these unrealistic attack models.

Alfonso De Gregorio wrote:
> Now, I expect the unusual nature of the attack model might stir up a  
> lively discussion. My post was soliciting comments in this regard.

For what it's worth, I read Vincent Rijmen's paper in the same way as
Jonathan Katz.  I don't think it's intended to be taken at face value;
if you took it seriously, one of us needs to read it again.  Rather,
I saw it as written with tongue embedded firmly in cheek: I took it as
a serious argument, hidden behind some gentle humor.

Vincent Rijmen could have written a sober, systematic critique of the
direction some of the field has gone in, carefully explaining in great
detail why some recent attack models are unrealistic.  That would have
been the safe, standard, and somewhat boring way to present such an
argument.  But instead Rijmen wrote a one-page lighthearted piece that
implicitly makes its point -- without ever having to come out and say it
-- by taking this research direction to its absurd extreme and showing
us all where it leads to.  It follows in a long intellectual tradition
of saying the opposite of what you mean -- of arguing with a straight
face what is self-evidently a ridiculous position -- and trusting in
the intelligence of the reader to draw the obvious conclusions.

Personally, I found it an effective communication style.  I thought the
point came across very clearly.  And, I have to admit I enjoyed seeing
someone having a spot of fun with what can otherwise be a somewhat dry
topic.  I thought it was brilliantly done.

Sorry to be unable to provide any lively discussion.  I think Vincent
Rijmen's paper makes the point well, and I don't have anything to add.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list