[cryptography] New related key attack on 13-round AES-256 in 2**76 time, memory, data
lloyd at randombit.net
Wed May 5 10:41:32 EDT 2010

New paper on eprint by Alex Biryukov and Dmitry Khovratovich,
"Feasible Attack on the 13-round AES-256"

Abstract: In this note we present the first attack with feasible
complexity on the 13-round AES-256. The attack runs in the
related-subkey scenario with four related keys, in 2**76 time, data,

I'm not sure that I would consider 2**76 chosen plaintexts to be
particularly practical or feasible; even with a 100 gigabits/second
channel it would still take centuries to collect that much data. But
an interesting result and certainly a reminder to systems designers to
be careful in avoiding related keys (for any algorithm).
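
Added example, not part of the original post or of the paper: one way a design avoids handing a cipher related keys is to derive every subkey through a KDF instead of tweaking a master key. The sketch below contrasts the two using HKDF (RFC 5869) built from Python's standard `hmac` module; the function names, the labels and the sample master key are assumptions made for illustration.

```python
import hashlib
import hmac

def xor_related_subkeys(master: bytes, count: int) -> list[bytes]:
    """Pattern to avoid: subkey i = master XOR i, so every key difference is known."""
    return [bytes(a ^ b for a, b in zip(master, i.to_bytes(len(master), "big")))
            for i in range(count)]

def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """HKDF extract-then-expand (RFC 5869) with HMAC-SHA256."""
    if length > 255 * 32:
        raise ValueError("HKDF-SHA256 output is limited to 8160 bytes")
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()  # extract
    okm, block = b"", b""
    for counter in range(1, -(-length // 32) + 1):                     # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]

def kdf_subkeys(master: bytes, labels: list[bytes]) -> list[bytes]:
    """One AES-256 key per purpose label, each derived through the KDF."""
    if len(set(labels)) != len(labels):
        raise ValueError("labels must be unique or two purposes share a key")
    return [hkdf_sha256(master, label) for label in labels]

def xor_weight(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two keys differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def pairwise_weights(keys: list[bytes]) -> list[int]:
    """XOR weight for every unordered pair of keys."""
    return [xor_weight(keys[i], keys[j])
            for i in range(len(keys)) for j in range(i + 1, len(keys))]

MASTER = bytes(range(32))  # constructed sample key, not a real secret
LABELS = [b"enc:client", b"enc:server", b"mac:client", b"mac:server"]  # hypothetical

if __name__ == "__main__":
    print("XOR-tweaked:", pairwise_weights(xor_related_subkeys(MASTER, 4)))
    print("HKDF-derived:", pairwise_weights(kdf_subkeys(MASTER, LABELS)))
```

The XOR-tweaked keys differ by one or two known bits, which is the kind of chosen key relation a related-key attack assumes; the HKDF-derived keys differ in roughly half their bits and the differences cannot be computed without the master key.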