Full Version: Possible weakness of AES
Gecko
Dunno if this is new, but maybe a few more people should know about it.

The AES (Advanced Encryption Standard) cipher (aka Rijndael) shows a potential weakness. See:
http://www.minrank.org/aes/
QUOTE
In a recent paper, Nicolas Courtois and Josef Pieprzyk show that Rijndael can be written as an overdefined system of multivariate quadratic equations (MQ). For example authors show that for 128-bit Rijndael, the problem of recovering the secret key from one single plaintext can be written as a system of 8000 quadratic equations with 1600 binary unknowns. Thus the security of Rijndael requires that there are no efficient algorithms for solving such systems. In a paper published at Eurocrypt 2000 Shamir et al. describe an algorithm called XL (or/and FXL) that seems to solve such systems in subexponential time.
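Added example, not part of the thread or of the cited paper: the quadratic structure the quote refers to can be checked per S-box by linear algebra over GF(2). The sketch below evaluates every monomial of degree at most 2 in the input and output bits of GF(2^8) inversion and counts the relations that vanish on all 256 inputs; it yields the 23 bi-affine and 39 quadratic relations per S-box reported by Courtois and Pieprzyk. Assumption: the S-box's affine output layer is omitted, since an invertible affine change of variables does not change these counts; all function names are chosen here.

```python
from itertools import combinations

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(x):
    """x^254, i.e. the field inverse for x != 0; maps 0 to 0 as the AES S-box does."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, x)
    return r

def monomial_row(x, y, bilinear_only):
    """Evaluate 1, x_i, y_j and the chosen degree-2 monomials at (x, y), packed into an int."""
    v = [(x >> i) & 1 for i in range(8)] + [(y >> i) & 1 for i in range(8)]
    vals = [1] + v
    for i, j in combinations(range(16), 2):
        if bilinear_only and not (i < 8 <= j):  # keep only x_i * y_j products
            continue
        vals.append(v[i] & v[j])
    return sum(bit << k for k, bit in enumerate(vals)), len(vals)

def count_relations(bilinear_only):
    """Number of independent polynomials in the monomial span that vanish for every input."""
    basis, width = {}, 0  # basis maps leading bit position -> reduced row
    for x in range(256):
        row, width = monomial_row(x, gf_inv(x), bilinear_only)
        while row:  # Gaussian elimination over GF(2)
            h = row.bit_length() - 1
            if h not in basis:
                basis[h] = row
                break
            row ^= basis[h]
    return width - len(basis)  # monomials minus rank = dimension of the relation space

if __name__ == "__main__":
    print("bi-affine relations:", count_relations(True))   # 81 monomials
    print("quadratic relations:", count_relations(False))  # 137 monomials
```
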
LPTB
Yep, it's old news, see http://www.counterpane.com/crypto-gram-0209.html#1. It was published in 2002, almost half a year ago.
Cobra
Yeah, and Twofish lost the AES competition because of a "possible weakness". Guys from Counterpane say that there is no weakness, and now we see that Rijndael has a possible weakness...
LPTB
Oh, just don't start this kind of thread here; this flame war is still raging in sci.crypt. The XLS/XSL attack hasn't been verified yet, so no need to panic just yet; if your bank feels cozy encrypting billions worth of data -> you shouldn't worry. BTW Serpent is regarded as having the same "weakness"; Twofish just wasn't tested thoroughly for it. The crypto community is grown-up enough to say something is inadequate if it is, and it hasn't said so for now.