Content deleted Content added
Reverting edit(s) by 80.96.21.160 (talk) to rev. 1259686947 by OverlordQ: Vandalism (UV 0.1.6) |
TommyGundam (talk | contribs) m →Known attacks: actually tao and wu's 2015 paper improved the time complexity from 2^126.2 to 2^126.01 on aes-128, thus adding the word "approximately" for better accuracy |
||
Line 151:
The first [[key-recovery attack]]s on full AES were by Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger, and were published in 2011.<ref>{{Cite book |chapter=Biclique Cryptanalysis of the Full AES |title=Advances in Cryptology – ASIACRYPT 2011 |last=Bogdanov |first=Andrey |volume=7073 |pages=344-371 |last2=Khovratovich |first2=Dmitry |last3=Rechberger |first3=Christian |doi=10.1007/978-3-642-25385-0_19 |series=Lecture Notes in Computer Science |date=2011 |editor-first1=Dong Hoon |editor-last1=Lee |editor-first2=Xiaoyun |editor-last2=Wang |isbn=978-3-642-25385-0}}</ref> The attack is a [[biclique attack]] and is faster than brute force by a factor of about four. It requires 2<sup>126.2</sup> operations to recover an AES-128 key. For AES-192 and AES-256, 2<sup>190.2</sup> and 2<sup>254.6</sup> operations are needed, respectively. This result has been further improved to 2<sup>126.0</sup> for AES-128, 2<sup>189.9</sup> for AES-192, and 2<sup>254.3</sup> for AES-256 by Biaoshuai Tao and Hongjun Wu in a 2015 paper,<ref name=":0">{{cite book |first=Biaoshuai |last=Tao |title=Information Security and Privacy |volume=9144 |pages=39–56 |first2=Hongjun |last2=Wu |chapter=Improving the Biclique Cryptanalysis of AES |date=2015 |doi=10.1007/978-3-319-19962-7_3 |series=Lecture Notes in Computer Science |isbn=978-3-319-19962-7 |editor-first1=Ernest |editor-last1=Foo |editor-first2=Douglas |editor-last2=Stebila}}</ref> which are the current best results in key recovery attack against AES.
This is a very small gain, as a 126-bit key (instead of 128 bits) would still take billions of years to brute force on current and foreseeable hardware. Also, the authors calculate the best attack using their technique on AES with a 128-bit key requires storing 2<sup>88</sup> bits of data. That works out to about 38 trillion terabytes of data, which was more than all the data stored on all the computers on the planet in 2016.<ref>{{cite web |author=Jeffrey Goldberg |title=AES Encryption isn't Cracked |url=https://blog.agilebits.com/2011/08/18/aes-encryption-isnt-cracked/ |access-date=30 December 2014 |url-status=dead |archive-url=https://web.archive.org/web/20150108165723/https://blog.agilebits.com/2011/08/18/aes-encryption-isnt-cracked/ |archive-date=8 January 2015 |date=2011-08-18}}</ref> A paper in 2015 later improved the space complexity to 2<sup>56</sup> bits,<ref name=":0"/> which is 9007 terabytes (while still keeping a time complexity of approximately 2<sup>126
According to the [[Edward Snowden#Surveillance disclosures|Snowden documents]], the NSA is doing research on whether a cryptographic attack based on [[Kendall tau rank correlation coefficient|tau statistic]] may help to break AES.<ref>{{cite news |url=http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html |title=Inside the NSA's War on Internet Security |author=((SPIEGEL ONLINE, Hamburg, Germany)) |date=28 December 2014 |newspaper=SPIEGEL ONLINE |access-date=4 September 2015 |url-status=live |archive-url=https://web.archive.org/web/20150124202809/http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html |archive-date=24 January 2015}}</ref>
| |||