[Cfrg] AES-GCM weakness

Jérémie Crenne <jeremie.crenne@univ-ubs.fr> Mon, 18 July 2011 19:46 UTC

From: Jérémie Crenne <jeremie.crenne@univ-ubs.fr>
To: cfrg@irtf.org
References: <mailman.0.1311004169.25609.cfrg@irtf.org>
In-Reply-To: <mailman.0.1311004169.25609.cfrg@irtf.org>
Date: Mon, 18 Jul 2011 21:46:20 +0200
Message-ID: <000001cc4583$5f371720$1da54560$@crenne>
Subject: [Cfrg] AES-GCM weakness

Hi everybody, 

What is the feeling of the community about the recent potential AES-GCM
weakness due to weak keys? I'm still considering the usage of AES-GCM to be
an attractive mode for hardware implementations. I'm a little bit concerned
about this since the "new" proposition described here would require a
significant addition of logic.

http://eprint.iacr.org/2011/202
http://eprint.iacr.org/2011/326

Thanks,

Jérémie
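Added illustration of the weak-key behaviour the question refers to (this is not code from the message or from the cited papers; the names, seeds and the six-block ciphertext are constructed for the demonstration). GHASH evaluates a polynomial in the hash key H over GF(2^128). If H has a small multiplicative order n, so that H^n = 1, then ciphertext blocks whose positions differ by n are multiplied by the same power of H, and exchanging them leaves GHASH unchanged. Because the GCM tag is GHASH XOR E_K(J0) and E_K(J0) does not depend on the ciphertext, the exchanged ciphertext carries the same valid tag. The field multiplication follows the bit-reflected convention of NIST SP 800-38D; H is derived directly rather than as E_K(0^128), since only its order matters here.

```python
"""Cycling / weak-key behaviour of GHASH, the authenticator inside AES-GCM.

Added example, not from the original message or the cited papers.  The
multiplication routine is the one specified in NIST SP 800-38D (bit 0 of a
block is the most significant bit of the big-endian integer).  All keys and
data below are constructed for the demonstration.
"""
import hashlib
import struct

R = 0xE1000000000000000000000000000000    # x^128 + x^7 + x^2 + x + 1, reflected
ONE = 0x80000000000000000000000000000000  # multiplicative identity in this representation
GROUP_ORDER = (1 << 128) - 1              # |GF(2^128)^*|; 3 divides it, so order-3 elements exist


def gf_mult(x: int, y: int) -> int:
    """Multiply two 128-bit blocks in GF(2^128) exactly as GCM specifies."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def gf_pow(h: int, e: int) -> int:
    """h**e by square-and-multiply on top of gf_mult."""
    result, base = ONE, h
    while e:
        if e & 1:
            result = gf_mult(result, base)
        base = gf_mult(base, base)
        e >>= 1
    return result


def ghash(h: int, aad: bytes, ct: bytes) -> int:
    """GHASH_H(A, C): zero-pad A and C to 16-byte blocks, append the 64-bit
    bit-lengths, then Horner-evaluate the resulting polynomial at H."""
    def pad(b: bytes) -> bytes:
        return b + b"\x00" * (-len(b) % 16)
    data = pad(aad) + pad(ct) + struct.pack(">QQ", 8 * len(aad), 8 * len(ct))
    y = 0
    for i in range(0, len(data), 16):
        y = gf_mult(y ^ int.from_bytes(data[i:i + 16], "big"), h)
    return y


def weak_key_of_order_3() -> int:
    """Construct an H with H^3 = 1 and H != 1: raise seeded field elements to
    (2^128-1)/3 until the result is not the identity.  3 is prime, so the
    order of such an element is exactly 3.  (Constructed seeds.)"""
    for seed in range(1, 64):
        x = int.from_bytes(hashlib.sha256(b"ghash-seed-%d" % seed).digest()[:16], "big")
        h = gf_pow(x, GROUP_ORDER // 3)
        if h != ONE:
            return h
    raise RuntimeError("no element of order 3 found among the seeds")


def swap_blocks(ct: bytes, i: int, j: int) -> bytes:
    """Return ct with its 16-byte blocks i and j exchanged (the attacker's edit)."""
    blocks = [ct[k:k + 16] for k in range(0, len(ct), 16)]
    blocks[i], blocks[j] = blocks[j], blocks[i]
    return b"".join(blocks)


def forgery_succeeds(h: int, ct: bytes, i: int, j: int) -> bool:
    """True when exchanging ciphertext blocks i and j leaves GHASH unchanged.
    Tag = GHASH XOR E_K(J0), and E_K(J0) is independent of C, so unchanged
    GHASH means the edited ciphertext still verifies under the original tag."""
    return ghash(h, b"", ct) == ghash(h, b"", swap_blocks(ct, i, j))


# Constructed six-block ciphertext; the attacker needs no knowledge of the plaintext.
CT = b"".join(bytes([b]) * 16 for b in range(1, 7))
# A hash key with no special structure, for contrast (constructed).
H_GOOD = int.from_bytes(hashlib.sha256(b"unremarkable hash key").digest()[:16], "big")

if __name__ == "__main__":
    h_weak = weak_key_of_order_3()
    print("weak H satisfies H^3 == 1:        ", gf_pow(h_weak, 3) == ONE)
    print("swap blocks 0,3 under weak H:     ", forgery_succeeds(h_weak, CT, 0, 3))  # True
    print("swap blocks 0,1 under weak H:     ", forgery_succeeds(h_weak, CT, 0, 1))  # False
    print("swap blocks 0,3 under ordinary H: ", forgery_succeeds(H_GOOD, CT, 0, 3))  # False
    print("H = 0 makes GHASH identically 0:  ", ghash(0, b"", CT) == 0)            # True
```

The degenerate cases are H = 0 (GHASH is identically zero) and H = 1 (GHASH is the plain XOR of the blocks, so any permutation verifies); an order-n key generalises them to edits at distance n. Such an H must have an order dividing 2^128 - 1, and for a uniformly random key the chance of landing in a small-order subgroup is a handful of elements out of 2^128, which is the trade-off against the extra logic that a different field would cost in hardware.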