<<< Date Index >>>     <<< Thread Index >>>

Re: XLS Attack on AES (Rijndael)



latte1@xxxxxxxxxxxx wrote:
I read, some time ago, about a new form of attack on
the AES algorithm: Rijndael...

Since then I have not heard any more about it, so I
was wondering what the latest thoughts on this method
are ? Is is currently being researched, etc, etc...

Largely FUD (or FUDGE, if you will), and the inference drawn (AESbroken)
is unwarranted.  Robshaw and Murphy seem to be voicing an aesthetic
objection to the marked linearity in the diffusion layer -- even though
they clearly state that this offers no clear advantage to conventional
linear and differential cryptanalysis.  Also note that Robshaw worked
on RSA's finalist candidate (RC6) for AES, though he appears never to
have been given adequate credit.

The question to ask is:  How well does Rijndael meet the design goals
established by the NIST?"  And the answer, quite simply, is: "very well."