Aug 17, 2011 14:06 GMT

Cryptography researchers have identified a weakness in the Advanced Encryption Standard (AES) which slightly reduces the complexity of an attack against the algorithm, but it's nowhere near a practical cracking solution.

The new attack was devised by Andrey Bogdanov of Katholieke Universiteit Leuven (K.U.Leuven), Belgium, Dmitry Khovratovich of Microsoft Research and Christian Rechberger of École Normale Supérieure (ENS), Paris. The three were working on a project sponsored by Microsoft Research at the time.

It is the first theoretical attack against the full AES algorithm and demonstrates that finding an AES key is four times easier than previously thought.

A different AES weakness found in 2009 allowed for an attack against an AES implementation that used four keys in a way controlled by an attacker, which is an unrealistic scenario.

Even though it is mathematically significant, in practical terms the new research doesn't mean much. It shows that the effective AES key length is 2 bits shorter than originally believed: AES-128 is actually AES-126, AES-192 is AES-190, and AES-256 is AES-254.

But "even with the new attack, the effort to recover a key is still huge: the number of steps to find the key for AES-128 is an 8 followed by 37 zeroes," the researchers explain. It would take a trillion machines trying a billion keys per second over two billion years to recover an AES-128 key.

An average computer can currently test around 10 million keys per second and there are only one billion machines in the entire world. Nevertheless, the attack is important because it gives researchers some more insight into the theoretical limitations of AES.

AES was chosen by the US National Institute of Standards and Technology (NIST) in November 2001 at the end of a five-year competition between different cipher designs.

The winning cipher was developed by Belgian cryptographers Dr. Joan Daemen of STMicroelectronics and Prof. Vincent Rijmen of K.U.Leuven. The AES creators congratulated the research team for their new attack.