Re: AES - finding bits of incomplete key

From: Michael Amling (nospam_at_nospam.com)
Date: 11/20/04

• Next message: John Savard: "Re: Factoring method?"

Date: Sat, 20 Nov 2004 20:56:14 GMT

Kevin Drapel wrote:
> Hello
>
> I have a question regarding AES (Rijndael) of 128 bits, this is a
> contest proposed in a cryptography course. Assume you have the plain
> text and the cipher text. You also have the *upper part* of the 128 bits
> key used to cipher the plain text. The least significant bits are
> missing (eg. 36 bits). I already implemented a complete brute-force
> attack and obviously, it works well but I'm wondering if knowing part of
> the key could help to design a better attack or quickly discard some
> impossible keys.
>
> Example with 36 missing bits :
>
> plaintext: 45081A3B23616B4302371D7025480C6B
> key: 0153081D794369652A13687*********

If you find a method faster than brute force for completing a partial
key a plaintext/ciphertext pair, publish it. You'll be the first.

--Mike Amling

• Next message: John Savard: "Re: Factoring method?"

Relevant Pages

• Re: encryption with pi
... >> The proposed cipher is easily broken. ... Consequently a known plain text attack can retrieve the ... 32 bits of the plain text and the their location. ...
(sci.crypt)
• AES - finding bits of incomplete key
... key used to cipher the plain text. ... the key could help to design a better attack or quickly discard some ... Example with 36 missing bits: ...
(sci.crypt)
• Re: Countering chosen-plaintext attacks
... >> attack on your cipher as proof that the cipher is safe from anyone ... > So we have a disagreement as you said. ... This is why it is called a chosen plaintext attack. ...
(sci.crypt)
• =?windows-1252?Q?Re=3A_Counteracting_Different_Attacks_by_Selective_Mea?= =?windows-1252?Q?n
...  The cipher that I have invented ... remaining attack i.e. ciphertext-only attack. ... Making my main keyet (the set of change-or-origin vectors random ... I have said just now that there are other keys also. ...
(sci.crypt)
• Re: demoing sslv2 vulns
... But SSL Strip is another attack, it's not because of the weak cipher ... Information Assurance Certification Review Board ...
(Pen-Test)