Rijndael Cryptanalysis Results
Anonymous Coward writes: "It appears by reading here that the Rijndael encryption algorithm has had more organized cryptanalysis performed against it and might not have fared too terribly well even using up to 9 rounds." Rijndael is one of the candidates for the U.S. Government's next-generation encryption standard.
Since Round 2's comment period ended (go fig) the only real candidates have been Serpent and Rijndael. We've yet to see an even remotely applicable assault on Serpent as submitted, Serpent's speed has increased by a factor of 2-4 to catch up with everyone else, and in many cases leaves them in the dust on raw speed, and now possibly assaults are being found on relatively beefy variants of its only competitor, Rijndael. Looks like the underdog might get the gold after all. Here's rootin' for da' snake in da' grass!
I think the government should have to give a key to a trusted third party so the public can sue to see their porn and copies of decss ... like they wanna do to us.
I dunno... ever since that mistake in the code for Blowfish in the April 1994 issue of DDJ, I've kinda wondered who actually ghost-writes his code. IIRC, 32 bit addition ignoring overflow is what was called for, and in the listing it ended up being 32 bit addition and a mod(32) or some such, which set most of the bits of the register back to 0. That couldn't have helped... Anyone else catch that? In another implementation I saw, it became mod(232) which is truly strange. I guess that came from this where 2^32 becomes simply 232 if your browser doesn't render the SUP tag.
Free and unpatented algorithms are great to have around though, and I expect to see blowfish/twofish products even after the AES winner is revealed.
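An added example, not code from the DDJ listing, from Schneier, or from any Blowfish implementation: it takes a Blowfish-shaped F function and runs it with the three readings of the modulus mentioned above (the intended addition mod 2^32, the misprinted mod 32, and the "232" that a browser produces when it drops the SUP tag), then counts how many distinct outputs survive. The S-boxes here are constructed from a seeded PRNG rather than Blowfish's real pi-derived tables, so the numbers are illustrative of the mixing structure only, not of Blowfish itself.

```python
# Added example (not the DDJ listing or Blowfish's own code): three readings of
# "32-bit addition" in a Blowfish-style F function and what each does to the
# round output. S-boxes are constructed (seeded random), not the real tables.
import random

MASK32 = 0xFFFFFFFF


def add_mod_2_32(a, b):
    """Intended operation: 32-bit addition that discards the carry (mod 2**32)."""
    return (a + b) & MASK32


def add_mod_32(a, b):
    """The misprint described in the post: the sum reduced mod 32 (5 bits survive)."""
    return (a + b) % 32


def add_mod_232(a, b):
    """The other variant: '2^32' rendered and transcribed as the decimal 232."""
    return (a + b) % 232


def make_sboxes(seed=1):
    """Four constructed 256-entry tables of 32-bit words (stand-ins for S1..S4)."""
    rng = random.Random(seed)
    return [[rng.getrandbits(32) for _ in range(256)] for _ in range(4)]


def f_round(x, sbox, add):
    """Blowfish-shaped F: ((S1[a] + S2[b]) ^ S3[c]) + S4[d], with a pluggable '+'."""
    a = (x >> 24) & 0xFF
    b = (x >> 16) & 0xFF
    c = (x >> 8) & 0xFF
    d = x & 0xFF
    return add(add(sbox[0][a], sbox[1][b]) ^ sbox[2][c], sbox[3][d])


def distinct_outputs(add, n=4096, seed=2):
    """How many different F outputs n random 32-bit inputs produce under a given '+'.

    With the correct modulus the output is a 32-bit word and collisions among
    4096 inputs are rare; with mod 32 or mod 232 the final addition squeezes
    every output into 0..31 or 0..231, whatever the S-boxes contain.
    """
    rng = random.Random(seed)
    sbox = make_sboxes()
    return len({f_round(rng.getrandbits(32), sbox, add) for _ in range(n)})


if __name__ == "__main__":
    for name, add in (("mod 2^32", add_mod_2_32), ("mod 32", add_mod_32), ("mod 232", add_mod_232)):
        print(f"{name:9s} 0xFFFFFFFF + 1 = {add(0xFFFFFFFF, 1):>10d}  distinct F outputs: {distinct_outputs(add)}")
```

The practical check this suggests is the usual one: run any transcribed cipher against published test vectors before trusting it, since a single-character change to the modulus leaves the code compiling and "encrypting" while the round function leaks almost all of its input.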
An established attack on a reduced round version of a cypher doesn't mean the cypher is weak. A cypher must be considered in its entirety, else you are cryptanalysing a different cypher. It is accepted practice to attack reduced rounds then build on those attacks, but to imply a cypher is weak because its six-round variant can be broken in only half of eternity is misleading. (The nine-round attack requires so much known text and so many related keys, it would be more practical to mount a brute force attack.)