First Flaw Reportedly Found in Advanced Encryption Standard

Computer scientists from European universities and Microsoft Research have found a weakness in the Advanced Encryption Standard (AES) algorithm. Andrey Bogdanov from Katholieke Universiteit Leuven in Belgium, Christian Rechberger from L’École Normale Supérieure in Paris, and Dmitry Khovratovich from Microsoft Research say that the discovered flaw makes the recovery of the secret AES encryption key somewhat easier than anticipated by AES’s developers.

The researchers designed an attack on the AES as part of a long-term cryptanalysis project while Bogdanov and Rechberger were visiting scholars at Microsoft Research. Their attack applies to all versions of AES even if it used with a single encryption key, and shows that finding the AES key is four times easier than previously believed.

The AES is a widely used tool for heavy-duty computer security. It is used in more than 1,700 products validated by the U.S. National Institute of Standards and Technology (NIST), and thousands of others. AES has also been standardized by NIST, ISO, and IEEE and approved by the U.S. National Security Agency for protecting secret and top secret information.

Even at one-fourth of the anticipated effort, breaking the AES key would still be a monumental, if not insurmountable, job. The researchers calculate that it would require a trillion machines that each could test a billion keys per second, running for more more than two billion years, to recover a 128-bit AES key. Current large-scale corporate computers could test at most 10 million keys per second.

Read more: Univ. Research Leads to Mobile Transaction Security Advances

Photo: kosheahan/Flickr

*     *     *