Re: [Cfrg] A little room for AES-192 in TLS?

John Mattsson <john.mattsson@ericsson.com> Mon, 16 January 2017 15:59 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Leonard den Ottolander <leonard-lists@den.ottolander.nl>, "cfrg@irtf.org" <cfrg@irtf.org>
Date: Mon, 16 Jan 2017 15:59:13 +0000
Message-ID: <D4A2A7CE.57FDF%john.mattsson@ericsson.com>
References: <20170115205926.853FB60A6D@jupiter.mumble.net> <1484577818.5104.1.camel@quad>
In-Reply-To: <1484577818.5104.1.camel@quad>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/_ACjENe8fQNE3kcZx-LoKeoC9P8>

Note that there are trivial generic related-key attacks on AES-192 with #K = D = T = M = 2^96

http://dx.doi.org/10.1080/0161-118791861749

Regards,
John


On 2017-01-16, 15:43, "Cfrg on behalf of Leonard den Ottolander"
<cfrg-bounces@irtf.org on behalf of leonard-lists@den.ottolander.nl> wrote:

>On Sun, 2017-01-15 at 20:59 +0000, Taylor R Campbell wrote:
>> Only very unusual protocols ever use related keys.  In sensible
>> protocols, every key is drawn independently uniformly at random.
>
>Protocols that are designed to use related keys? I hope not!
>
>Compare http://eprint.iacr.org/2009/317 4.1 Related-key attack model:
>
>"Compared to other cryptanalytic attacks in which the attacker can
>manipulate only the plaintexts and/or the ciphertexts the choice of the
>relation between secret keys gives additional degree of freedom to the
>attacker. The downside of this freedom is that such attacks might be
>harder to mount in practice. Still, designers usually try to build
>"ideal" primitives which can be automatically used without further
>analysis in the widest possible set of applications, protocols, or modes
>of operation. Thus resistance to such attacks is an important design goal
>for block ciphers, and in fact it was one of the stated design goals of
>the Rijndael algorithm, which was selected as the Advanced Encryption
>Standard."
>
>So the question remains if indeed AES-192 is inherently more resistant
>to this kind of attack (more of an "ideal primitive" in this respect)
>than AES-256 or do I read too much in the remark "the key schedule of
>AES-192 has better diffusion" in 6 Attack on AES-192?
>
>Regards,
>Leonard.
>
>-- 
>mount -t life -o ro /dev/dna /genetic/research
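Added example, not part of the thread: a scaled-down Python model of the generic related-key trade-off John points to, with k = 16 in place of 192 so that 2^8 related keys plus a 2^8-entry table recover the key, mirroring #K = D = T = M = 2^(k/2). The keyed function (toy_encrypt), the XOR key relation and the plaintexts are constructed assumptions, not AES and not any real protocol; the procedure is the textbook square-root trade-off rather than any specific paper's construction.

```python
"""Scaled-down model of the generic related-key trade-off (added example).

With a k-bit key, 2^(k/2) related keys, a couple of ciphertexts per key and a
2^(k/2)-entry precomputed table recover the key: #K = D = T = M = 2^(k/2),
i.e. 2^96 for AES-192. Here k = 16, so the whole attack runs instantly.
The keyed function, the XOR key relation and the plaintexts are constructed
stand-ins, not AES and not any real protocol.
"""
import hashlib
import os

KEY_BITS = 16
HALF = KEY_BITS // 2
P0, P1 = b"block-0", b"block-1"  # constructed fixed plaintexts


def toy_encrypt(key, pt):
    """Constructed keyed function: 16-bit key, 32-bit output. The attack
    treats it as a black box, exactly as it would any block cipher."""
    data = b"toy-cipher|" + key.to_bytes(KEY_BITS // 8, "big") + b"|" + pt
    return hashlib.sha256(data).digest()[:4]


def related_key_oracle(secret):
    """Models a protocol that encrypts under K xor d for known differences d.
    The attacker collects (E_{K^d}(P0), E_{K^d}(P1)) for the 2^(k/2) values
    of d that sweep the low half of the key: D = 2^(k/2) related-key queries."""
    return {d: (toy_encrypt(secret ^ d, P0), toy_encrypt(secret ^ d, P1))
            for d in range(1 << HALF)}


def recover_key(leaks):
    """Precompute E_{K'}(P0) for the 2^(k/2) guesses K' that sweep the high
    half (T = M = 2^(k/2)). Since the differences sweep the low half, exactly
    one pair (d, K') has K xor d = K', and that hit gives K = K' xor d.
    With independently derived keys the same table would at best expose one
    session key and reveal nothing about the others."""
    table = {toy_encrypt(j << HALF, P0): j << HALF for j in range(1 << HALF)}
    for d, (c0, c1) in leaks.items():
        guess = table.get(c0)
        # The second plaintext rules out a chance collision on 32-bit outputs.
        if guess is not None and toy_encrypt(guess, P1) == c1:
            return guess ^ d
    return None


if __name__ == "__main__":
    secret = int.from_bytes(os.urandom(KEY_BITS // 8), "big")
    recovered = recover_key(related_key_oracle(secret))
    print(hex(secret), "->", hex(recovered) if recovered is not None else None)
```

Scaling k back up to 192 turns every 2^8 above into 2^96, which is the figure in the note.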