[Cryptography] Rumor has it that AES-256 is broken (again!)
Ray Dillinger
bear at sonic.net
Fri Jun 10 16:52:07 EDT 2016
On 06/09/2016 11:52 AM, Kevin W. Wall wrote:
> http://yournewswire.com/encryption-security-may-not-be-secure-anymore/
>
> Sounds like total BS to me; like someone is being punked. I can't even
> find any evidence of the paper itself existing. Supposedly, the title
> of the paper (from another link) is:
>
> Factoring of Large Integers using Estimation of Weak Intermediate
> Key Points along a Quadratic Curve
>
> I have some nervous friends, so if someone could officially debunk,
> I'd be most appreciative.
I don't think anyone can *officially* debunk with absolute certainty,
because by definition we don't know what breakthroughs have yet to be
discovered. But this seems about as likely as the spontaneous
teleportation of a large solid body via simultaneous quantum
tunneling of every subatomic particle in that body and having it
arrive three feet away and still solid. You'd need at least three
huge breakthroughs, one of which is extremely unlikely and two of
which are as close to impossible as nevermind.

1) Major breakthrough in factoring reduces factoring time by many
orders of magnitude. Unlikely at best, and would qualify someone
for a Nobel prize in mathematics. Factoring has gotten better,
and may get better yet, but short of a 256-bit quantum computer
(which they definitely didn't do, or it would have made front
page headlines all over the world) nobody's getting that much
of an edge in one jump.

2) Unsuspected relationship of factoring to AES allows factoring
to help anyone recover AES keys and/or decrypt AES. This is
so out-of-left-field that it would be unrelated to all prior
mathematical work and knowledge. I would cheerfully bet one
penny against life imprisonment on this, and call the guy who
put up the penny a sucker.

3) Hypothetical factoring-based attack reduces AES256 by over 200
bits of security. It is either 70 orders of magnitude faster
than the biclique attack due to Bogdanov/Khovratovich/Rechberger,
or 69.5 orders of magnitude faster and can be used together
with it. The biclique attack is the best known attack on
AES, and it reduces AES256 complexity by about a factor of 4.
It was a major breakthrough and used math that's actually
known to be related to AES.

I would say that it's completely safe to ignore this rumor. The odds
that the reporter just plain got the story wrong are googolplexes of
times greater than the odds that it's actually significant. Reporters
getting stories just plain wrong, after all, has happened at least
once in the history of the universe.
Bear