[144472] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Distinguisher and Related-Key Attack on the Full AES-256

daemon@ATHENA.MIT.EDU (Jack Lloyd)
Fri May 22 14:33:59 2009

Date: Fri, 22 May 2009 11:06:23 -0400
From: Jack Lloyd <lloyd@randombit.net>
To: cryptography@metzdowd.com
Mail-Followup-To: cryptography@metzdowd.com

Alex Biryukov, Dmitry Khovratovich, and Ivica Nikolic gave a talk at
the Eurocrypt rump session, 'Distinguisher and Related-Key Attack on
the Full AES-256', with the full paper accepted to Crypto.

Slides from Eurocrypt are here:

http://eurocrypt2009rump.cr.yp.to/410b0c56029d2fa1d686823e3a059af8.pdf

The q-multicollisions attack they describe may be a practical way of
breaking a hash function based on AES. So this could have some
interesting ramifications to SHA-3 candidates which use the AES round
function; I'm not sufficiently familiar with those designs yet for it
to be clear one way or another if they would in fact be vulnerable.

(via zooko's blog)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[144472] in cryptography@c2.net mail archive

Distinguisher and Related-Key Attack on the Full AES-256

daemon@ATHENA.MIT.EDU (Jack Lloyd)Fri May 22 14:33:59 2009

daemon@ATHENA.MIT.EDU (Jack Lloyd)
Fri May 22 14:33:59 2009