While the headline was a bit of FUD to get you to read this, it is true that a team of Microsoft and Dutch researchers have released a report detailing a theoretical attack on the Advanced Encryption Standard (AES). The attack, to be presented at ASIACRYPT 2011 in early December, utilizes a complex process known as biclique analysis that advances a technique that originally targeted just hashing algorithms.
NIST originally commissioned AES in a 1997 competition that resulted in fifteen candidate algorithms. Based on research within the crypto community, NIST further downselected to five candidates – MARS, RC6, Rijndael, Serpent and Twofish. NIST ultimately accepted Rijndeal as the Advanced Encryption Standard. The stated goal during the competition was to specify “an encryption algorithm(s) capable of protecting sensitive government information well into the next century.” This latest research, while not viewed as a major vulnerability, is still a chink in what was originally thought to be a highly secure algorithm. According to published reports, Joan Daemen and Vincent Rijmen (who created AES) have acknowledged the validity of this attack.
AES, specified in Federal Information Processing Standard (FIPS) 197, has been adopted by the U.S. Government and many corporate entities for securing highly sensitive information. In particular, NSA has specified AES as part of its Suite B cryptography framework. Under Suite B, AES with 128-bit keys can be used to secure information up to the SECRET level and AES with 256-bit keys can be used to secure information up to the TOP SECRET level. This latest attack could call those key lengths into question. For those entities that have deployed AES, a review of their implementation might be appropriate. If increasing key length isn’t possible, other compensating controls might be in order. As Bruce Schneier pointed out in his coverage (quoting an NSA source), “[a]ttacks always get better; they never get worse.”