Re: XLS Attack on AES (Rijndael)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: XLS Attack on AES (Rijndael)
From: Michael Sierchio <kudzu@xxxxxxxxxxxx>
Date: Fri, 24 Oct 2003 14:41:22 -0700
In-reply-to: <200310240202.h9O223MR014266@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <200310240202.h9O223MR014266@xxxxxxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.4) Gecko/20030624

latte1@xxxxxxxxxxxx wrote:

I read, some time ago, about a new form of attack on
the AES algorithm: Rijndael...

Since then I have not heard any more about it, so I
was wondering what the latest thoughts on this method
are ? Is is currently being researched, etc, etc...


Largely FUD (or FUDGE, if you will), and the inference drawn (AESbroken)
is unwarranted.  Robshaw and Murphy seem to be voicing an aesthetic
objection to the marked linearity in the diffusion layer -- even though
they clearly state that this offers no clear advantage to conventional
linear and differential cryptanalysis.  Also note that Robshaw worked
on RSA's finalist candidate (RC6) for AES, though he appears never to
have been given adequate credit.

The question to ask is:  How well does Rijndael meet the design goals
established by the NIST?"  And the answer, quite simply, is: "very well."

Follow-Ups:
- Re: XLS Attack on AES (Rijndael)
  - From: Christian Ruediger Bahls

References:
- XLS Attack on AES (Rijndael)
  - From: latte1

Prev by Date: Re: Internet Explorer and Opera local zone restriction bypass
Next by Date: SiteKiosk terminal software
Previous by thread: XLS Attack on AES (Rijndael)
Next by thread: Re: XLS Attack on AES (Rijndael)
Index(es):
- Date
- Thread