"Luxembourg attacks" on AES encryption
A team of cryptologists at the University of Luxembourg has made substantial theoretical progress with attacks on the AES-192 and AES-256 encryption standards. In their paper, scientists Alex Biryukov and Dmitry Khovratovich describe how to crack an AES-256 key with a time complexity of 2^123 and an AES-192 key with a time complexity of 2^176 under certain circumstances. Because of the special conditions the attacks require, however, they have no practical relevance for the security of AES-encrypted data.
"The new attacks only work based on the assumption that an attacker can manipulate the secret AES key", explains Christian Rechberger, a cryptologist at Graz University of Technology, in an interview with heise Security. An attacker can partially control the key generation process only under very rare circumstances, for example in some low-quality encryption hardware. Even then, carrying out computations with a complexity of 2^123 is far from practically feasible. According to the crypto expert, the latest achievement is still "the best result in eleven years and countless research projects" on AES security.
The attack on AES is the first cryptanalysis to go the full 14 rounds. Previous research has been restricted to reduced AES with a maximum of ten rounds. The new attacks were inspired by advancements in the field of cracking hash functions, explained Rechberger. Longer keys mean that an attacker potentially has more bits to manipulate, he said. According to the cryptologist, this has long been exploited in hash function attacks: "The new attacks on AES-256 are, therefore, more effective than attacks on AES-192 and are at present not applicable to AES-128 at all."
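The precondition described above, an attacker who can manipulate the secret key, is what a key-handling design either allows or rules out. The following is an added example, not code from the article or the paper: it contrasts a scheme that XORs an externally supplied value into the key with one that derives each key through HMAC-SHA256. The function names, the label string and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac

MASTER_KEY = bytes(range(32))  # constructed 256-bit sample key, not a real secret


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def weak_session_key(master: bytes, tweak: bytes) -> bytes:
    """Weak pattern: the supplied tweak is XORed straight into the key, so
    whoever chooses the tweak chooses the relation between the AES keys."""
    return xor_bytes(master, tweak.rjust(len(master), b"\x00"))


def derived_session_key(master: bytes, tweak: bytes) -> bytes:
    """Hardened pattern: HMAC-SHA256 used as a PRF keyed with the master key.
    The tweak selects an output but no longer fixes a known key difference."""
    label = b"aes-256 session key|"  # hypothetical domain-separation label
    return hmac.new(master, label + tweak, hashlib.sha256).digest()


def hamming(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length keys differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def compare(tweak_a: bytes, tweak_b: bytes) -> dict:
    """Bit difference between two session keys under each scheme."""
    weak = hamming(weak_session_key(MASTER_KEY, tweak_a),
                   weak_session_key(MASTER_KEY, tweak_b))
    derived = hamming(derived_session_key(MASTER_KEY, tweak_a),
                      derived_session_key(MASTER_KEY, tweak_b))
    return {"weak_bits_differing": weak, "derived_bits_differing": derived}


if __name__ == "__main__":
    # Two tweaks that differ in a single bit (constructed sample values).
    print(compare(b"\x00", b"\x01"))
```

In the weak scheme the two keys differ in exactly the bit the tweak dictates; in the derived scheme roughly half of the 256 bits differ and the difference cannot be chosen without knowing the master key.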
- Related Key analysis of the Full AES-192 and AES-256, scientific paper describing the new AES attacks.