Feeds

AES encryption not as tough as you think

Cipher attack shaves safety margin

5 things you didn’t know about cloud backup

Cryptographers have found a new chink in the widely used AES encryption standard that suggests the safety margin of its most powerful cipher is not as high as previously thought.

In a soon-to-be-published paper, researchers Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir show that the 256-bit version of AES is susceptible to several so-called related-key attacks that significantly diminish the amount of time it takes to guess a key. One technique against the 11-round version of the cipher can be completed in 270 operations, an improvement that cryptographer Bruce Schneier says was strong enough to be "almost practical."

Another attack uses only two related keys to crack the complete key of a nine-round version in 239 time, a vast improvement over the 2120 time of the best previous attack. A third attack breaks a 10-round version in 245 time.

Like previous attacks on AES, the latest techniques are still wildly impractical, cryptographers say. But because most of the world depends on the encryption standard to keep sensitive records and communications secure from outsiders, the findings are nonetheless significant. AES is also the foundation of several candidates for a new cryptographic hashing algorithm called SHA-3 that will be adopted by the US National Institute of Standards and Technology.

"When you're trying to build a system with a long life span, you want to have ciphers that are very conservative, so if there is a new attack that comes along, you have a long safety margin," says Paul Kocher, president and chief scientist at Cryptography Research, a San Francisco-based consultancy. "If you're trying to design a system that will be in the field for 30 years, you start worrying about stuff like this."

Kocher says that banks and other organizations have already spent billions of dollars moving away from DES, or the Data Encryption Standard, which enjoyed widespread use until cryptographers uncovered significant weaknesses that allowed it to be cracked using practical attacks.

Related-key attacks require a message to be encrypted with one key that is later changed to one or more different keys. It's usually hard for an outsider to control what keys get used, so the technique is considered hard to carry out under real-world settings.

Still, the findings have the surprising effect of making 256-bit AES less hardened than the 192-bit version. The related-key attack doesn't work on either AES-192 or AES-128.

The attack builds off of previous research that described a way to infer clues about keys used in AES by employing what's known as boomerang switching techniques to infer clues about the keys used in the algorithm.

That attack is also extremely hard to carry out in practical environments, but the latest findings suggest that new data continues to chip away at the viability of the AES ciphers. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
JLaw, Kate Upton exposed in celeb nude pics hack
100 women victimised as Apple iCloud accounts reportedly popped
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.