How broken is broken?

The Register runs an article with the title “AES crypto broken by ‘groundbreaking’ attack”. The article includes the following quote:

This technique is a divide-and-conquer attack. To find an unknown key, they partition all the possible keys into a set of groups. This is possible because AES subkeys only have small differences between rounds. They can then perform a smaller search for the full key because they can reuse partial bits of the key in later phases of the computation.

It’s impressive work but there’s no better cipher to use than AES for now.

So, it’s broken, but not really broken? Is that confusing or what? If not, you are probably well versed in cryptography. For the rest of us, there is a very useful update at the bottom of the article, which clears up some confusion:

Vulture Central has been deluged with missives from outraged readers complaining about the use of the word “broken” in the headline. “Broken” in cryptography is the result of any attack that is faster than brute force. The biclique technique described here allows attackers to recover keys up to five times faster than brute-force. AES may not be completely broken, but it’s broken nonetheless.

Today I’ve learned something new.
