[Cryptography] BLAKE2: "Harder, Better, Faster, Stronger" Than MD5

Russell L. Carter rcarter at pinyon.org
Mon Mar 24 23:02:57 EDT 2014

On Mar 24, 2014, at 4:36 PM, Bear <bear at sonic.net> wrote:
>> There are plenty of other potential contenders (Blowfish, RC5), though
>> the great grand-daddy appears to be IDEA:  Initial patent proposal in
>> 1990, full patent proposal in 1991, no known attacks to date.  That
>> puts it at 24 years or so.
> http://www.cs.bris.ac.uk/eurocrypt2012/Program/Tues/Rechberger.pdf
> Almost true, but not quite completely true anymore.  At Eurocrypt
> in 2012, Rechberger published an attack on full IDEA.  It
> exploits narrow bicliques in order to get an attack with complexity
> of 2^126.1 against a 128-bit key - a 2-bit break.  Not nearly
> enough for practical deployment against a 128-bit key, but it
> demonstrates a tiny chink in the armor.
The same attack (and resulting complexity) is reported for AES - you get
about two bits for all of AES-128, 192, and 256.

I found a reference to a paper - http://eprint.iacr.org/2012/011.pdf -
applying the biclique attack to a Korean standard algorithm known as
ARIA-256.  (It gets about 1 bit of advantage with 2^80 chosen plaintexts
- hardly a realistic attack right now.)

Who knows, the biclique technique may get broadened into a whole new
class of attacks on block ciphers, to add to our toolkit along with
differential and linear cryptanalysis and a few lesser-known ones.  Or
it may prove unable to go beyond the tiny advantages it can get today.
It should stand as a warning, though, that new analytic techniques are
always "just around the corner".

                                                        -- Jerry
