[info] interesting paper on eprint archive
Eugen Leitl <eugen at leitl.org> on Fri Jun 22 14:57:49 UTC 2007
----- Forwarded message from "Perry E. Metzger" <perry at piermont.com> -----
From: "Perry E. Metzger" <perry at piermont.com>
Date: Fri, 22 Jun 2007 10:25:16 -0400
To: cryptography at metzdowd.com
Subject: interesting paper on eprint archive
The consensus from a few of my friends is that this paper (by
Warren Smith) is a bit eccentrically written but not obviously
flawed. Whether it is of any practical importance at all remains to be
seen -- there may be no way to apply the results.
http://eprint.iacr.org/2007/248
Abstract. We describe a new simple but more powerful form of linear
cryptanalysis. It appears to break AES (and undoubtably other
cryptosystems too, e.g. SKIPJACK). The break is ``nonconstructive,''
i.e. we make it plausible (e.g. prove it in certain approximate
probabilistic models) that a small algorithm for quickly determining
AES-256 keys from plaintext-ciphertext pairs exists -- but without
constructing the algorithm. The attack's runtime is comparable to
performing $64^w$ encryptions where $w$ is the (unknown) minimum
Hamming weight in certain binary linear error-correcting codes
(BLECCs) associated with AES-256. If $w < 43$ then our attack is
faster than exhaustive key search; probably $w < 10$. (Also there
should be ciphertext-only attacks if the plaintext is natural English.)
--
Perry E. Metzger perry at piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
----- End forwarded message -----
--
Eugen* Leitl <leitl> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
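The abstract's cost model hinges on one parameter: the attack costs about $64^w$ encryptions, where $w$ is the minimum Hamming weight of a binary linear code, and it beats exhaustive AES-256 search exactly when $64^w < 2^{256}$. The following is an added illustration, not code from the paper or the list: it brute-forces the minimum weight of a small constructed code (the [7,4] Hamming code, standing in for the paper's unknown AES-related codes, whose generator matrices are not given here) and computes the break-even weight for the 64^w model.

```python
"""Added illustration (not from the paper): minimum Hamming weight of a small
binary linear code by exhaustive enumeration, plus the break-even point of
the abstract's 64^w cost model against 2^256 exhaustive key search."""
from itertools import product
import math


def min_hamming_weight(generator_rows):
    """Minimum weight over the nonzero codewords spanned by generator_rows.

    Each row is an int bitmask. All 2^k linear combinations are enumerated,
    so this is only practical for small k; the abstract's point is that for
    the codes tied to AES-256 this w is unknown (and conjectured < 10)."""
    k = len(generator_rows)
    best = None
    for coeffs in product((0, 1), repeat=k):
        if not any(coeffs):
            continue  # the zero codeword does not count
        word = 0
        for c, row in zip(coeffs, generator_rows):
            if c:
                word ^= row  # addition over GF(2)
        w = bin(word).count("1")
        if best is None or w < best:
            best = w
    return best


def attack_cost_log2(w, base=64):
    """log2 of the base^w encryptions the abstract attributes to the attack."""
    return w * math.log2(base)


def max_weight_beating_exhaustive_search(key_bits=256, base=64):
    """Largest w with base^w < 2^key_bits, i.e. the attack still beats
    brute-force key search. For base 64 and 256-bit keys this is 42,
    matching the abstract's condition w < 43."""
    w = 0
    while attack_cost_log2(w + 1, base) < key_bits:
        w += 1
    return w


# Constructed sample: generator matrix of the [7,4] Hamming code (min weight 3).
HAMMING_7_4 = [0b1000011, 0b0100101, 0b0010110, 0b0001111]

if __name__ == "__main__":
    print("min weight of [7,4] Hamming code:", min_hamming_weight(HAMMING_7_4))
    print("largest w beating 2^256 search:", max_weight_beating_exhaustive_search())
```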