The AES 256 2^119 attack

---

• From: Jean-Marc Desperrier <jmdesp@xxxxxxxxxxxxx>
• Date: Fri, 17 Jul 2009 20:06:38 +0200

---

Hi,

Until now, I really couldn't understand how the AES attack could be more effective for AES 256 than for AES 128.

There's a comment on Schneier blog that starts to offer an explanation :
AES-192 & 256 are 'intentionally' weakened in the key expansion
phase... The original Rijndael versions use 192-bit and 256 bit
block sizes (a 192b key MATCHes with a 192b block & the 256b
key MATCHes with a 256b block)

So the trouble is that AES 128's key size matches it's block size, so there' no adaptation to do, but for AES 192 and 256 there's an adaptation needed to use a 192/256 key with a 128 bits block size, and that's the part that's broken ?
.

---

• Follow-Ups:
  • Re: The AES 256 2^119 attack
    • From: Tom St Denis
  • Re: The AES 256 2^119 attack
    • From: biject

• Prev by Date: Re: 112-bit prime ECDLP solved
• Next by Date: Re: example primes for blum-blum-shub
• Previous by thread: Re: k4
• Next by thread: Re: The AES 256 2^119 attack
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > sci.crypt  > 2009-07