New AES Attack Documented 236
avxo writes "Bruce Schneier covers a new cryptanalytic related-key attack on AES that is better than brute force with a complexity of 2^119. According to an e-mail by the authors: 'We also expect that a careful analysis may reduce the complexities. As a preliminary result, we think that the complexity of the attack on AES-256 can be lowered from 2^119 to about 2^110.5 data and time. We believe that these results may shed a new light on the design of the key-schedules of block ciphers, but they pose no immediate threat for the real world applications that use AES.'"
Yawn (Score:3, Insightful)
So instead of taking 1 million years to brute force, it will take .9 million years?
I totally made up those numbers but that's about the difference.
Re:Complexity (Score:3, Insightful)
I believe the complexity is a rough measure of how long it should take to break the code. So in this case, a reduction from 2^119 to 2^110.5 is approximately 360 times faster (that is, a 2^119 complexity attack takes 360 times as long as a 2^110.5 complexity attack).
Quantum Computers (Score:3, Insightful)
To my knowledge quantum cryptography is still limited to very close distances, while cracking a crypto key is obviously not affected by this limitation.
Re:Complexity. (Score:5, Insightful)
Pardon me, but isn't the article about AES-256? So this is a much more significant drop in the number of bits.
Of course, I've only read the summary. This is slashdot, natch.
Re:Complexity. (Score:2, Insightful)
Re:Quantum Computers (Score:3, Insightful)
Re:Furthers my stand on crypto, which is: DON'T (Score:5, Insightful)
Refutation: Crypto is indeed all about WHEN. WHEN is not pointless, it is the point.
Re:Complexity (Score:3, Insightful)
Unless of course you start in the middle and expand outwards in both directions ;)
Re:Quantum Computers (Score:2, Insightful)
The power of Quantum Computers is in getting really smart people to figure out how to take advantage of quantum interference to our benefit. There have been some really impressive results for a variety of pure-math problems that only a few people care about. But integer factorization and discrete-logarithms are among them - hence why QCs threaten most/all asymmetric encryption protocols (they're all based on one or both of those problems). However, for a vast array of problems, QCs won't offer us any computational improvement.
There are some improvements for more-practical algorithms, but the speed-up isn't usually as impressive. However, using Grover's algorithm to reduce a pure guessing problem from O(n) to O(sqrt(n)) is intriguing, to say the least.
Re:Complexity. (Score:3, Insightful)
Re:Yawn (Score:3, Insightful)
http://valerieaurora.org/hash.html [valerieaurora.org]
Pay special attention to the reaction of the "slashdotter" to "minor weakness found", and compare it to your reaction.
Remember, attacks always gets better, never worse. The first attack that weakens an algorithm *is* a big deal.
Oh, and reducing complexity from 2^128 to 2^110 isn't as it may appear a reduction of 10% in time-to-break, infact it's a reduction of 2^18 or about a factor of a million, so it's more like if before it took a million years, now it takes ONE year. Luckily for you, AES256 was at a lot more than a million years before the break, so there's still some air left in it.