
New (strange) paper on weaknesses in AES

July 5th, 2007 by Joachim Strömbergson

On the Cryptology ePrint Archive a paper has appeared that claims to be able to show that there are weaknesses in AES:

We describe a new simple but more powerful form of linear cryptanalysis. It appears to break AES (and undoubtedly other cryptosystems too, e.g. SKIPJACK).

The break is "nonconstructive," i.e. we make it plausible (e.g. prove it in certain approximate probabilistic models) that a small algorithm for quickly determining AES-256 keys from plaintext-ciphertext pairs exists, but without constructing the algorithm. The attack's runtime is comparable to performing $64^w$ encryptions where $w$ is the (unknown) minimum Hamming weight in certain binary linear error-correcting codes (BLECCs) associated with AES-256. If $w < 43$ then our attack is faster than exhaustive key search; probably $w < 10$. (Also there should be ciphertext-only attacks if the plaintext is natural English.)

Even if this break breaks due to the underlying models inadequately approximating the real world, we explain how AES still could contain "trapdoors" which would make cryptanalysis unexpectedly easy for anybody who knew the trapdoor. If AES's designers had inserted such a trapdoor, it could be very easy for them to convince us of that. But if none exist, then it is probably infeasibly difficult for them to convince us of that.

We then discuss how to use the theory of BLECCs to build cryptosystems provably
1. not containing trapdoors of this sort,
2. secure against our strengthened form of linear cryptanalysis,
3. secure against "differential" cryptanalysis,
4. secure against D.J. Bernstein's timing attack.

Using this technique we prove a fundamental theorem:
it is possible to thus-encrypt $n$ bits with security $2^{cn}$, via a circuit $Q_n$ containing $\le c n$ two-input logic gates and operating in $\le c \log n$ gate-delays, where the three $c$s denote (possibly different) positive constants and $Q_n$ is constructible in polynomial$(n)$ time.

The paper's author is Warren D. Smith, a mathematician at Temple University. I have no idea who he is or how one should judge his paper on AES. Judging by his website, he has written a number of more or less strange things (e.g. about Bush and arsenic in water).

But Warren has also published papers together with, among others, Ron Rivest, so there may be some sense behind his AES paper. If one is to believe postings on the Cryptography mailing list, there are cryptologists who have looked at the paper and not dismissed it outright.

If any relevant continuation or follow-up appears, I will return to it here on Kryptoblog.
