Single-key AES encryption doesn't get in the news much. There was the DCI decision to put a separate keyset on the logs section of the projector, which was a clever and friendly way to handle the FIPs ultimatum.
This week there was a major announcement that are more clever ways of attacking the still noble standard.
Check Sections 11 and 12 to understand what they aren't saying.
Biclique Cryptanalysis of the Full AES
...
State of the art for attacks on AES. AES with its wide-trail strategy was designed to withstand differential and linear cryptanalyses [15], so pure versions of these techniques have limited applications in attacks. With respect to AES, probably the most powerful single- key recovery methods designed so far are impossible differential cryptanalysis [5, 33] and Square attacks [14,20]. The impossible differential cryptanalysis yielded the first attack on 7-round AES-128 with non-marginal data complexity. The Square attack and its variations such as integral attack and multiset attack resulted in the cryptanalysis of round-reduced AES variants with lowest computational complexity to date, while the first attack on 8-round AES-192 with non-marginal data complexity has appeared only recently [20].
The situation is different in weaker attack models, where the related-key cryptanalysis was applied to the full versions of AES-192 and AES-256 [9], and the rebound attack demon- strated a non-random property in 8-round AES-128 [25,30]. However, there is little evidence so far that carrying over these techniques to the most practical single-secret-key model is feasible.
...
http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf
An FAQ on a previous (2009) attack: CryptoLUX > FAQ on the attacks
| File | Description | File size |
|---|---|---|
 AES Encryption of many types vulnerable to some attacks | Biclique attacks of AES has simplicity as an advantage... | 435 Kb |
Subscribe to RSS Feed