Re: [Cfrg] A little room for AES-192 in TLS?

Joan Daemen <jda@noekeon.org> Tue, 17 January 2017 18:28 UTC

Dear all,

The related-key attacks against AES were interesting from an academic point of view as they broke the security claim we made for Rijndael.

However, the attacks require very sophisticated manipulations of the secret key by the attacker. For example, even a protocol that would allow an attacker to add (or XOR) a value of her choice to the key before it is used in AES would not allow mounting the attack. If you are interested, you can read the paper Vincent and I wrote, "On the related-key attacks against AES", available at e.g. http://jda.noekeon.org/

As for including AES-192 in TLS, I don't see any benefits.

Kind regards,

Joan Daemen