Feeds

AES encryption not as tough as you think

Cipher attack shaves safety margin

The Essential Guide to IT Transformation

Cryptographers have found a new chink in the widely used AES encryption standard that suggests the safety margin of its most powerful cipher is not as high as previously thought.

In a soon-to-be-published paper, researchers Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir show that the 256-bit version of AES is susceptible to several so-called related-key attacks that significantly diminish the amount of time it takes to guess a key. One technique against the 11-round version of the cipher can be completed in 270 operations, an improvement that cryptographer Bruce Schneier says was strong enough to be "almost practical."

Another attack uses only two related keys to crack the complete key of a nine-round version in 239 time, a vast improvement over the 2120 time of the best previous attack. A third attack breaks a 10-round version in 245 time.

Like previous attacks on AES, the latest techniques are still wildly impractical, cryptographers say. But because most of the world depends on the encryption standard to keep sensitive records and communications secure from outsiders, the findings are nonetheless significant. AES is also the foundation of several candidates for a new cryptographic hashing algorithm called SHA-3 that will be adopted by the US National Institute of Standards and Technology.

"When you're trying to build a system with a long life span, you want to have ciphers that are very conservative, so if there is a new attack that comes along, you have a long safety margin," says Paul Kocher, president and chief scientist at Cryptography Research, a San Francisco-based consultancy. "If you're trying to design a system that will be in the field for 30 years, you start worrying about stuff like this."

Kocher says that banks and other organizations have already spent billions of dollars moving away from DES, or the Data Encryption Standard, which enjoyed widespread use until cryptographers uncovered significant weaknesses that allowed it to be cracked using practical attacks.

Related-key attacks require a message to be encrypted with one key that is later changed to one or more different keys. It's usually hard for an outsider to control what keys get used, so the technique is considered hard to carry out under real-world settings.

Still, the findings have the surprising effect of making 256-bit AES less hardened than the 192-bit version. The related-key attack doesn't work on either AES-192 or AES-128.

The attack builds off of previous research that described a way to infer clues about keys used in AES by employing what's known as boomerang switching techniques to infer clues about the keys used in the algorithm.

That attack is also extremely hard to carry out in practical environments, but the latest findings suggest that new data continues to chip away at the viability of the AES ciphers. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.