Re: [Cfrg] matching AES security

Andrey Jivsov <crypto@brainhub.org> Fri, 01 August 2014 02:26 UTC

Return-Path: <crypto@brainhub.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0CC01A03A6 for <cfrg@ietfa.amsl.com>; Thu, 31 Jul 2014 19:26:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 53iMsog4g64p for <cfrg@ietfa.amsl.com>; Thu, 31 Jul 2014 19:26:44 -0700 (PDT)
Received: from qmta09.emeryville.ca.mail.comcast.net (qmta09.emeryville.ca.mail.comcast.net [IPv6:2001:558:fe2d:43:76:96:30:96]) by ietfa.amsl.com (Postfix) with ESMTP id 25F651A03A1 for <cfrg@irtf.org>; Thu, 31 Jul 2014 19:26:44 -0700 (PDT)
Received: from omta18.emeryville.ca.mail.comcast.net ([76.96.30.74]) by qmta09.emeryville.ca.mail.comcast.net with comcast id ZEDo1o0061bwxycA9ESkB1; Fri, 01 Aug 2014 02:26:44 +0000
Received: from [IPv6:::1] ([71.202.164.227]) by omta18.emeryville.ca.mail.comcast.net with comcast id ZESi1o00S4uhcbK8eESiRk; Fri, 01 Aug 2014 02:26:43 +0000
Message-ID: <53DAFAE2.6030003@brainhub.org>
Date: Thu, 31 Jul 2014 19:26:42 -0700
From: Andrey Jivsov <crypto@brainhub.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.7.0
MIME-Version: 1.0
To: cfrg@irtf.org
X-Priority: 5 (Lowest)
References: <9A043F3CF02CD34C8E74AC1594475C738EFB3D63@uxcn10-5.UoA.auckland.ac.nz>
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C738EFB3D63@uxcn10-5.UoA.auckland.ac.nz>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1406860004; bh=tL/y3gf2+pzRNS2VsO7qQZJ5cN2VdagNfKqHjxAkkcU=; h=Received:Received:Message-ID:Date:From:MIME-Version:To:Subject: Content-Type; b=viRxU/eGKV8HoRQooPJwJhHpj+46q5Bs9LOS3btQeh6BziX8N2qLh2LJwhMVYnlSj 5mJQ4hdckI9K5lR1CvPfqfgyHioT5EBsNGUqdtWgH0ezuLx4rzZfDFaB/D07/xSBsJ uXIDRiZtGgdrq7pJbaBnb+T5BFZ+jZi+wplOFuVJvb4cZ5yXOl4NFucqy17F9OE4Ic Yc8XeagkS1JizAOr9ekakMvoJ6FvYe4Et5WFSG+nh9qfiz1CZXTCmVQLNXhbGdyjR3 546IPVngns7F0/q77zvaOMd19e8muPAwkfDSw52j9deP0XbTYbQ/XQeHsQ4bGLCApD bZTMgI8Sxrt9A==
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/uUW2XUxtVx3-AxyzT06HPagawBQ
Subject: Re: [Cfrg] matching AES security
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Aug 2014 02:26:46 -0000

On 07/31/2014 07:13 PM, Peter Gutmann wrote:
> Johannes Merkle <johannes.merkle@secunet.com> writes:
>> The attack is very simple:
>> - Gather a list of 2^N cipher texts resulting from the _same_ plain text
>> encrypted under 2^N random keys.
>> - For 2^(128-N) randomly chosen (different) keys, encrypt the known plain
>> text and check if the resulting cipher text matches one of the gathered
>> cipher texts
> That attack is *conceptually* very simple, in the same way that getting humans
> to Mars is conceptually very simple:
>
> - Build a rocket capable of travelling to Mars and back.
> - Board rocket and fly to Mars.
>
> Practically, though, some of the steps are a bit tricky.
>
> Peter.
>

Besides, a well-designed protocol that uses a block cipher should 
consider including (pseudo)random IVs.