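Strength of the AES Encryption Algorithm Weakened

Original source: "Strength of the AES Encryption Algorithm Weakened". Please retain the original source attribution when reposting.

Cryptography researchers have found a weakness in the AES encryption algorithm that makes it possible to crack keys faster than before.

The weakness was found by researchers at three universities and Microsoft, who carried out a great deal of cryptanalysis, yet the result still poses no practical security threat, which is actually rather reassuring.

According to the researchers, there have been many earlier attacks on AES, but none came anywhere near this one. The new attack can be used against all versions of AES.

The researchers say this does not mean that anyone using the algorithm is immediately doomed: although the difficulty of cracking it has dropped by a factor of four, the number of steps needed to crack AES-128 is still an 8 followed by 37 zeroes.

For example: on a trillion machines, each able to test a billion keys per second, it would take more than two billion years to recover one AES-128 key.

Still, this result is the first theoretical break of AES. Cryptographers have worked hard on this problem but have so far made only limited progress: only 7 of the 10 rounds of AES-128, 8 of the 12 rounds of AES-192, and 8 of the 14 rounds of AES-256 had been broken.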

AES encryption is cracked

CRYPTOGRAPHY RESEARCHERS have identified a weakness in the Advanced Encryption Standard (AES) security algorithm that can crack secret keys faster than before.

The crack is the work of a trio of researchers at universities and Microsoft, and involved a lot of cryptanalysis - which is somewhat reassuring - and still does not present much of a real security threat.

Andrey Bogdanov, from K.U.Leuven (Katholieke Universiteit Leuven), Dmitry Khovratovich, who is full time at Microsoft Research, and Christian Rechberger at ENS Paris were the researchers and it was Bogdanov that contacted The INQUIRER.

Although there have been other attacks on the key-based AES security system, none have really come close, according to the researchers. But this new attack does and can be used against all versions of AES.

This is not to say that anyone is in immediate danger and, according to Bogdanov, although it is four times easier to carry out, it is still something of an involved procedure.

Recovering a key is no five-minute job and, despite being four times easier than other methods, the number of steps required to crack AES-128 is an 8 followed by 37 zeroes.

"To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key," the Leuven University researcher added. "Because of these huge complexities, the attack has no practical implications on the security of user data." Andrey Bogdanov told The INQUIRER that a "practical" AES crack is still far off but added that the work uncovered more about the standard than was known before.

"Indeed, we are even not close to a practical break of AES at the moment. However, our results do shed some light into the internal structure of AES and indicate where some limits of the AES design are," he said.

He added that the advance is still significant, and is a notable progression over other work in the area.

"The result is the first theoretical break of the Advanced Encryption Standard - the de facto worldwide encryption standard," he explained. "Cryptologists have been working hard on this challenge but with only limited progress so far: 7 out of 10 for AES-128 as well as 8 out of 12 for AES-192 and 8 out of 14 rounds for AES-256 were previously attacked. So our attack is the first result on the full AES algorithm."

Bogdanov added that the crack works on all versions of AES and dispelled some myths about the technology as well.

"Unlike previous results on AES, we do not need any related keys which was a very strong and unrealistic assumption about the power of the attacker," he explained.

"Our attacks work in the classical single-key setting and, thus, apply in every context, however, with huge complexities so far. The practical consequence is that the effective key length of AES is about 2 bits shorter than expected - it is more like AES-126, AES-190, and AES-254 instead of AES-128, AES-192, and AES-256. We think it is a significant step toward the understanding of the real security of AES."

The attack has been confirmed by the creators of AES, Dr Joan Daemen and Professor Dr Vincent Rijmen, who also applauded it.

Reposted from hanmiao.iteye.com/blog/1152853