[Cryptography] Best AES candidate brokenby the way that

Brian Gladman brg at gladman.plus.com
Sun Jul 5 04:11:33 EDT 2015

On 05/07/2015 06:34, Ryan Carboni wrote:
> On Sat, Jul 4, 2015 at 9:01 PM, Jerry Leichter <leichter at lrw.com
> <mailto:leichter at lrw.com>> wrote:
>     On Jul 4, 2015, at 4:23 PM, Ryan Carboni <ryacko at gmail.com
>     <mailto:ryacko at gmail.com>> wrote:
>>     The best AES candidate,
>     Clearly many of the best cryptographers out there disagreed with
>     you, as it didn't make it to the final round - and there's been
>     general agreement that the AES selection process was of extremely
>     high quality.
> Except there's one problem with that assertion... Rijndael is easily
> broken by.... cache timing, differential power, and many other attacks.
> The knowledge that those attacks could be used certainly was known
> during the AES competition. [relevant page from Serpent submission
> attached, will show up in the Metzdowd archives]

But it is important to distinguish between algorithm failures and
implementation failures.

The fact that _some_ AES (or Rijndael) _implementations_ can be broken
in _some_ usage scenarios does not mean that the algorithm itself is

All cryptographic algorithms are susceptible to failures that might be
introduced by the way that they are implemented (although it is true
that algorithm design can have a significant influence on the nature and
impact of implementation weaknesses).

More information about the cryptography mailing list