Sommaire

  • Cet exposé a été présenté le 09 avril 2010.

Description

  • Orateur

    Vincent Rijmen - University of Graz

In a recent series of papers, Alex Biryukov, Dmitry Khovratovich (et al.) presented a number of related-key attacks on AES and reduced-round versions of AES. The most impressive of these were presented at Asiacrypt 2009: related-key attacks against the full AES-256 and AES-192. The publication of these attacks has led some people to question the security of AES.<br/> While we agree that the related-key attacks are valid attacks and they could have been avoided in the design, we give arguments why their practical relevance is limited.<br/> In this presentation we discuss the applicability of these attacks, and of related-key attacks in general. We model the access of the attacker to the key in the form of key access schemes and remind the listeners of the following two facts. First, as shown by Mihir Bellare and Tadayoshi Kohno, there are key access schemes that are inherently insecure. We call those key access schemes unsound and propose related-key attacks should only be considered with respect to sound key access schemes. Second, as shown by a.o. Eli Biham and Serge Vaudenay, even the presence of a sound key access scheme inevitably leads to erosion of security.

Prochains exposés

  • Predicting Module-Lattice Reduction

    • 19 décembre 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Paola de Perthuis - CWI

    Is module-lattice reduction better than unstructured lattice reduction? This question was highlighted as `Q8' in the Kyber NIST standardization submission (Avanzi et al., 2021), as potentially affecting the concrete security of Kyber and other module-lattice-based schemes. Foundational works on module-lattice reduction (Lee, Pellet-Mary, Stehlé, and Wallet, ASIACRYPT 2019; Mukherjee and Stephens[…]

    • Cryptography

  • Attacking the Supersingular Isogeny Problem: From the Delfs–Galbraith algorithm to oriented graphs

    • 23 janvier 2026 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Arthur Herlédan Le Merdy - COSIC, KU Leuven

    The threat of quantum computers motivates the introduction of new hard problems for cryptography.One promising candidate is the Isogeny problem: given two elliptic curves, compute a “nice’’ map between them, called an isogeny.In this talk, we study classical attacks on this problem, specialised to supersingular elliptic curves, on which the security of current isogeny-based cryptography relies. In[…]

    • Cryptography

Voir les exposés passés
Haut de page