What if Encryption is broken?
Author Topic: What if Encryption is broken?  (Read 1196 times)

Exehu

What if Encryption is broken?
« on: August 19, 2014, 09:25:47 pm »

Blockchain exists forever; what if encryption is broken someday? From wiki:

AES has a fairly simple algebraic description. In 2002, a theoretical attack, termed the "XSL attack", was announced by Nicolas Courtois and Josef Pieprzyk, purporting to show a weakness in the AES algorithm due to its simple description. Since then, other papers have shown that the attack as originally presented is unworkable; see XSL attack on block ciphers.

On July 1, 2009, Bruce Schneier blogged about a related-key attack on the 192-bit and 256-bit versions of AES, discovered by Alex Biryukov and Dmitry Khovratovich, which exploits AES's somewhat simple key schedule and has a complexity of 2^119. In December 2009 it was improved to 2^99.5. This is a follow-up to an attack discovered earlier in 2009 by Alex Biryukov, Dmitry Khovratovich, and Ivica Nikolić, with a complexity of 2^96 for one out of every 2^35 keys.

Another attack was blogged by Bruce Schneier on July 30, 2009 and released as a preprint on August 3, 2009. This new attack, by Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir, is against AES-256 that uses only two related keys and 2^39 time to recover the complete 256-bit key of a 9-round version, or 2^45 time for a 10-round version with a stronger type of related subkey attack, or 2^70 time for an 11-round version. 256-bit AES uses 14 rounds, so these attacks aren't effective against full AES.

In November 2009, the first known-key distinguishing attack against a reduced 8-round version of AES-128 was released as a preprint. This known-key distinguishing attack is an improvement of the rebound or the start-from-the-middle attacks for AES-like permutations, which view two consecutive rounds of permutation as the application of a so-called Super-Sbox. It works on the 8-round version of AES-128, with a time complexity of 2^48, and a memory complexity of 2^32.

In July 2010 Vincent Rijmen published an ironic paper on "chosen-key-relations-in-the-middle" attacks on AES-128.

The first key-recovery attacks on full AES were due to Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger, and were published in 2011. The attack is a biclique attack and is faster than brute force by a factor of about four. It requires 2^126.1 operations to recover an AES-128 key. For AES-192 and AES-256, 2^189.7 and 2^254.4 operations are needed, respectively.

ChuckOne

Re: What if Encryption is broken?
« Reply #1 on: August 19, 2014, 09:35:51 pm »

Thank you for those updates. :)

If something seriously happens, we will need to change the algos.

Eadeqa

Re: What if Encryption is broken?
« Reply #2 on: August 19, 2014, 09:46:24 pm »

Quote
Blockchain exists forever; what if encryption is broken someday? From wiki:

Unlikely. Nxt Crypto (curve25519)  will be broken long before AES is broken, which I believe will never be broken -- not just in our lifetime but even after that.

None of these quotes show AES can be broken:

Quote
AES has a fairly simple algebraic description. In 2002, a theoretical attack, termed the "XSL attack", was announced by Nicolas Courtois and Josef Pieprzyk, purporting to show a weakness in the AES algorithm due to its simple description. Since then, other papers have shown that the attack as originally presented is unworkable; see XSL attack on block ciphers.

The bold part says it all.

For example, a 2007 paper shows this attack doesn't work: http://link.springer.com/chapter/10.1007%2F978-3-540-74619-5_16


Quote
On July 1, 2009, Bruce Schneier blogged about a related-key attack on the 192-bit and 256-bit versions of AES, discovered by Alex Biryukov and Dmitry Khovratovich, which exploits AES's somewhat simple key schedule and has a complexity of 2^119. In December 2009 it was improved to 2^99.5. This is a follow-up to an attack discovered earlier in 2009 by Alex Biryukov, Dmitry Khovratovich, and Ivica Nikolić, with a complexity of 2^96 for one out of every 2^35 keys.

See "Related-key". No one should implement encryption where related (very similar) keys are used to encrypt terabytes of data. This attack only works with an incorrect implementation.

Quote
Another attack was blogged by Bruce Schneier on July 30, 2009 and released as a preprint on August 3, 2009. This new attack, by Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir, is against AES-256 that uses only two related keys and 2^39 time to recover the complete 256-bit key of a 9-round version, or 2^45 time for a 10-round version with a stronger type of related subkey attack, or 2^70 time for an 11-round version. 256-bit AES uses 14 rounds, so these attacks aren't effective against full AES.

Related keys and reduced rounds of AES. So this attack doesn't work against a correct AES implementation either.

Quote
In November 2009, the first known-key distinguishing attack against a reduced 8-round version of AES-128 was released as a preprint. This known-key distinguishing attack is an improvement of the rebound or the start-from-the-middle attacks for AES-like permutations, which view two consecutive rounds of permutation as the application of a so-called Super-Sbox. It works on the 8-round version of AES-128, with a time complexity of 2^48, and a memory complexity of 2^32.

A reduced-round version isn't an attack against AES, and this is a 5-year-old attack which apparently no one has been able to improve even by one round in 5 years. There is plenty of safety margin.

Quote
In July 2010 Vincent Rijmen published an ironic paper on "chosen-key-relations-in-the-middle" attacks on AES-128.

This isn't serious but a joke/humor paper by the creator of AES: http://eprint.iacr.org/2010/337.pdf

Quote
The first key-recovery attacks on full AES were due to Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger, and were published in 2011. The attack is a biclique attack and is faster than brute force by a factor of about four. It requires 2^126.1 operations to recover an AES-128 key. For AES-192 and AES-256, 2^189.7 and 2^254.4 operations are needed, respectively.

This is the only real attack against full AES, but there are serious problems: 2^126, 2^189.7, and 2^254.4 are all in the safe zone. The attack has data complexity 2^88 bits, so the attacker not only needs 300 trillion terabytes of hard drive, but given hard drive access is slower, the attack, despite requiring slightly fewer operations, might be slower than brute force.

So after 15 years of cryptanalysis there are actually zero attacks that are faster than brute force in practice.
« Last Edit: August 19, 2014, 09:55:24 pm by Eadeqa »
NXT-GZYP-FMRT-FQ9K-3YQGS

rstanaford

Re: What if Encryption is broken?
« Reply #3 on: August 19, 2014, 10:12:24 pm »

Not to mention that if current crypto was anything other than unbreakable, there would be no need for the NSA to create malware which exploits routers and rewrites firmware to weaken the crypto and collude with the likes of RSA, Microsoft, Google, et al. to embed mechanisms to circumvent it.