> On 5/10/06, John R. Black <John.Black colorado.edu> wrote:
> >I skimmed this. The start of the article says that after 3 rounds AES
> >achieves perfect diffusion?!
>
> No, it says their old ASD could not distinguish encrypted data from
> random after 3 rounds.
>
> --
> Taral <taralx gmail.com>
> "You can't prove anything."
> -- Gödel's Incompetence Theorem
----- End forwarded message -----
I was referring to this statement from the article:

Data inputs with a single-bit difference spread over the entire data
block or key and encrypted with the AES cannot be distinguished from
random after more than 2 rounds, which made many cryptographers
believe for many years that 3 rounds of the AES achieve complete
diffusion.
I don't think any cryptographer believed for 10 seconds that AES achieved
"complete diffusion" after three rounds if that means it "cannot be
distinguished from random." There is not only a distinguishing attack on
_FOUR_ rounds of AES, but a key-recovery attack. And it was given in the
Rijndael spec, so certainly was known before the AES was even named.
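Added example, not part of the original message or the article it quotes: a minimal reduced-round AES-128 in Python that makes the two points above concrete. It measures how many ciphertext bytes change when one plaintext bit is flipped (4 after one round, all 16 after two), shows that a "Lambda-set" of 256 plaintexts differing only in one byte XOR-sums to zero in every byte after 3 rounds (the Square/integral property), and uses that property to recover the last round key of a 4-round version byte by byte, which is the attack from the Rijndael submission the reply refers to. Assumptions introduced here: the round keys are independent random bytes rather than the real key schedule (the properties shown are key-independent), and the helper names (encrypt, lambda_set, balanced_after, square_attack_4_rounds) are this example's own.

```python
# Added example: reduced-round AES, one-bit diffusion, and the Square attack.
# Round keys are independent random bytes standing in for the key schedule.
import random


def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _sbox_entry(x):
    inv = 1
    for _ in range(254):            # x^254 = x^-1 in GF(2^8); 0 stays 0
        inv = gf_mul(inv, x)
    s = 0x63                        # affine step: five rotations XOR 0x63
    for i in range(5):
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s


SBOX = [_sbox_entry(x) for x in range(256)]
INV_SBOX = [0] * 256
for _x, _y in enumerate(SBOX):
    INV_SBOX[_y] = _x


def shift_rows(s):
    # column-major state: byte r + 4*c is row r, column c; row r rotates left by r
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def mix_columns(s):
    out = []
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
                a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
                a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
                gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]
    return out


def xor_bytes(a, b):
    return [x ^ y for x, y in zip(a, b)]


def xor_sum(values):
    acc = 0
    for v in values:
        acc ^= v
    return acc


def encrypt(block, round_keys, skip_last_mix=True):
    """Key whitening followed by len(round_keys)-1 AES rounds. As in AES, the
    final round omits MixColumns unless skip_last_mix is False."""
    nr = len(round_keys) - 1
    s = xor_bytes(block, round_keys[0])
    for i in range(1, nr + 1):
        s = shift_rows([SBOX[b] for b in s])
        if i < nr or not skip_last_mix:
            s = mix_columns(s)
        s = xor_bytes(s, round_keys[i])
    return s


def random_round_keys(n, rng):
    return [[rng.randrange(256) for _ in range(16)] for _ in range(n)]


def bytes_changed(rounds, seed=0):
    """Ciphertext bytes that differ when one plaintext bit is flipped, with
    MixColumns kept in every round so that diffusion is what gets measured."""
    rng = random.Random(seed)
    keys = random_round_keys(rounds + 1, rng)
    p = [rng.randrange(256) for _ in range(16)]
    q = p[:]
    q[0] ^= 1
    c1 = encrypt(p, keys, skip_last_mix=False)
    c2 = encrypt(q, keys, skip_last_mix=False)
    return sum(1 for x, y in zip(c1, c2) if x != y)


def lambda_set(rng):
    """256 plaintexts identical except byte 0, which takes every value."""
    base = [rng.randrange(256) for _ in range(16)]
    return [[v] + base[1:] for v in range(256)]


def balanced_after(rounds, seed=0):
    """True if every ciphertext byte XOR-sums to zero over one Lambda-set."""
    rng = random.Random(seed)
    keys = random_round_keys(rounds + 1, rng)
    sums = [0] * 16
    for p in lambda_set(rng):
        sums = xor_bytes(sums, encrypt(p, keys))
    return all(s == 0 for s in sums)


def square_attack_4_rounds(seed=0, n_sets=3):
    """Recover the last round key of 4-round AES from n_sets Lambda-sets.
    For each ciphertext byte, the surviving guess is the one under which the
    partially decrypted set is balanced. Returns (recovered, true_key); a byte
    is None if several guesses survived (about 2^-24 per byte with 3 sets)."""
    rng = random.Random(seed)
    keys = random_round_keys(5, rng)
    sets = [[encrypt(p, keys) for p in lambda_set(rng)] for _ in range(n_sets)]
    recovered = []
    for j in range(16):
        survivors = [g for g in range(256)
                     if all(xor_sum(INV_SBOX[c[j] ^ g] for c in cts) == 0
                            for cts in sets)]
        recovered.append(survivors[0] if len(survivors) == 1 else None)
    return recovered, keys[4]


if __name__ == "__main__":
    print("bytes changed after 1 / 2 rounds:", bytes_changed(1), bytes_changed(2))
    print("balanced after 3 / 4 rounds:", balanced_after(3), balanced_after(4))
    rec, true = square_attack_4_rounds()
    print("4-round last round key recovered:", rec == true)
```

The diffusion counts are deterministic: one active byte becomes a full column after one MixColumns, and ShiftRows then puts one active byte in each column so the second MixColumns activates all 16. The 3-round balance is likewise deterministic, which is exactly why "every output byte depends on every input bit" is a far weaker statement than "indistinguishable from random"; the 4-round key recovery only needs a guess of one key byte to strip the final SubBytes and test that balance.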
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo metzdowd.com