For some time now I have been getting emails from people asking me about the possibility of decoding the Wikileaks INSURANCE file, which presumably (judging by its name) is encrypted with the AES-256 algorithm. Leaving aside the moral and ethical arguments that arise from wildly decoding a file that is allegedly meant to save someone's life, we can focus on studying the technical side of this question of AES decryption, which, I must say, is the part that interests me more.
Anyway, can anyone imagine what would happen if I were to say at this point: "Gentlemen, during a sleepless night and using my battery of NVIDIA cards, I managed to decode the Wikileaks INSURANCE file"? I would probably find at the door of my house as many secret agents monitoring my movements, and as many people attacking my computer systems, as there were journalists at the World Cup final, and I do not feel like that at all. Do you?
The AES algorithm
The AES algorithm (Advanced Encryption Standard), also known as Rijndael, is a symmetric block cipher designed to replace the obsolete DES and optimized for the secure transmission of messages over telecommunications networks. AES is fast in both software and hardware implementations, is relatively easy to implement, and requires little memory to perform its calculations. As the new encryption standard it is used on a large scale throughout the world, which seems very interesting to friends of conspiracy theories. AES/Rijndael was developed by two Belgian cryptologists, Daemen and Rijmen, when they were students at the Catholic University of Leuven.
The main difference between AES and the DES it replaces is that AES uses a substitution-permutation network (a series of substitutions and permutations applied one after another to an array) instead of a Feistel network. AES uses a fixed block size of 128 bits (originally it could use blocks of various sizes) and keys of 128, 192 or 256 bits. As with DES, the encryption procedure is based on a basic operation called a "round", which is repeated a fixed number of times depending on the key size: 10 rounds are used with 128-bit keys, 12 rounds with 192-bit keys and 14 rounds with 256-bit keys. AES works on a structure known as the "AES state", which is simply a rearrangement of the basic block into a 4 × 4 array of bytes; it is therefore a system with a fairly simple mathematical description, although for most ordinary mortals it is easier to see it as byte operations on a data matrix.
The building blocks of AES are:
SubBytes - A nonlinear byte substitution applied to the AES state.
ShiftRows - A cyclic shift of the rows of the AES state.
MixColumns - Mixes each column of the AES state, so that each cell becomes a combination of the other cells in its column.
AddRoundKey - Mixes the round key into the AES state.
AES encryption consists of the following simple steps:
1. Initial Round:
AddRoundKey
2. R-1 Rounds:
SubBytes
ShiftRows
MixColumns
AddRoundKey
3. Final Round:
SubBytes
ShiftRows
AddRoundKey
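As an added example (not code from the original post), here is a compact, study-only AES block encryption in Python that follows exactly the round structure listed above, for all three key sizes (10, 12 and 14 rounds). The S-box is computed from its definition (inverse in GF(2^8) plus the affine map) instead of being pasted in, and the result can be checked against the example vectors in FIPS-197 Appendix C; a real system should use a vetted library, never code like this.

```python
def xtime(a):  # multiply by x (0x02) in GF(2^8) modulo the AES polynomial
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a
def gmul(a, b):  # general GF(2^8) multiplication, used by MixColumns and the S-box
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = xtime(a), b >> 1
    return r
def _build_sbox():  # S-box = inverse in GF(2^8) followed by the fixed affine map
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    box = []
    for x in range(256):
        inv = x
        for _ in range(253):  # x^254 = x^-1 in GF(2^8); 0 stays 0
            inv = gmul(inv, x)
        box.append(inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3) ^ rotl(inv, 4) ^ 0x63)
    return box

SBOX = _build_sbox()
def expand_key(key):  # rounds+1 round keys; 10/12/14 rounds for 16/24/32-byte keys
    nk, rounds = len(key) // 4, len(key) // 4 + 6
    w = [list(key[i:i + 4]) for i in range(0, len(key), 4)]
    rcon = 1
    for i in range(nk, 4 * (rounds + 1)):
        t = list(w[i - 1])
        if i % nk == 0:  # RotWord, SubWord, then xor the round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, xtime(rcon)
        elif nk > 6 and i % nk == 4:  # extra SubWord, AES-256 only
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(rounds + 1)]
# The state is kept as 16 bytes in input order (index = row + 4*column), as in FIPS-197.
def shift_rows(s):  # row r rotates left by r positions
    return [s[(i + 4 * (i % 4)) % 16] for i in range(16)]
def mix_columns(s):  # each output byte is a GF(2^8) combination of its whole column
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        for r in range(4):
            out.append(gmul(a[r], 2) ^ gmul(a[(r + 1) % 4], 3) ^ a[(r + 2) % 4] ^ a[(r + 3) % 4])
    return out
def aes_encrypt_block(key, block):  # initial AddRoundKey, rounds-1 full rounds, final round
    rk, xor = expand_key(key), lambda s, k: [b ^ x for b, x in zip(s, k)]
    s = xor(block, rk[0])
    for r in range(1, len(rk) - 1):
        s = xor(mix_columns(shift_rows([SBOX[b] for b in s])), rk[r])
    return bytes(xor(shift_rows([SBOX[b] for b in s]), rk[-1]))  # no MixColumns here
```

Calling aes_encrypt_block(bytes(range(32)), bytes.fromhex("00112233445566778899aabbccddeeff")) runs the 14-round AES-256 path and reproduces the FIPS-197 C.3 ciphertext.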
The decryption process, however, is more complicated than with DES, where one simply had to "encrypt" the "encrypted" message again using, of course, the same key. In the case of AES it is necessary to define the inverse operations of ShiftRows, SubBytes and MixColumns. Note that no inverse of AddRoundKey is required, since applying it again with the same round key gives its inverse.
THE REAL SECURITY OF AES
A cryptographic system is said to be broken when there is an attack faster than exhaustive search (brute force), even if that attack is only theoretical and not feasible because of the amount of data, time or memory it requires. Some people have said that AES was broken by the result that distributed.net obtained against a 64-bit key, but the reality is that this was only a brute-force attack on a small 64-bit key, so it cannot be considered a break of AES.
In fact, AES, despite being a public algorithm in public use, has been considered by the NSA (the National Security Agency of the U.S.) since 2003 a secure algorithm for protecting information classified SECRET with 128-bit keys, and TOP SECRET if 192- or 256-bit keys are used. Not surprisingly, considering the love/hate relationship of the United States Government with ciphers the public can access, an encryption system deemed suitable by the NSA to protect sensitive information at the highest level continues to raise many suspicions.
POSSIBLE ATTACKS
The most affordable way to see whether an attack on a block cipher is possible is to try to attack a version with a reduced number of rounds. If you recall, AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys. Until 2005, the best known attacks on reduced versions succeeded against 7 rounds for 128-bit keys, 8 rounds for 192-bit keys, and 9 rounds for 256-bit keys.
However, it is also true that these results show only a slight gap between the actual number of rounds and the best known attacks, so with a small improvement in the attacks it might be possible to break a version that uses all the rounds. Clearly, the best vaccine against the problem would be to increase the number of rounds without changing the algorithm. However, this solution would also have an impact on the efficiency of the algorithm and especially on the updating of hardware-based systems. It should be noted that there are some known successful attacks on specific implementations of AES based on side channels, but these do not attack the algorithm itself, only a specific implementation of it, and therefore do not apply to decoding the Wikileaks file.
In this line of research, in 2009 Alex Biryukov and Dmitry Khovratovich, of the University of Luxembourg, published this interesting article with two attacks on the AES encryption algorithm, which dramatically improve on previous results. Biryukov and Khovratovich announced an attack on the complete AES-256, that is, with 14 rounds. The attack has a computational complexity of only 2^96 operations; that is, breaking the security of AES-256/14 would be as difficult as trying 2^96 keys. No doubt that is out of reach for most mortals, but seeing a 256-bit algorithm with a strength equivalent to one of only 96 bits says a lot about the algorithm. But calm down: this statement is something of a trick, since it only works with certain keys, roughly one key in every 34,000 million. Did Wikileaks use one of those keys, voluntarily or involuntarily? It is certainly a good question; we do not know exactly what Wikileaks intends with this file, whether nobody should open it, or only those who are "portrayed" in it, in order to frighten them.
However, another attack by Biryukov and Khovratovich, although less "effective" than the previous one, works with any key and gives other figures that raise concern about AES. The attack on AES-128/10 would have a mathematical complexity of 2^123 data (keys), 2^176 in time and 2^152 in memory, so although curious, this is nothing to worry about at the moment. However, the attack on AES-256/14 is much more effective, since it only takes 2^119 in data and time and 2^77 in memory. In other words, AES-256 has the same strength as a theoretical AES-119/14, below the AES-123/10 obtained from the attack on AES-128/10, and this regardless of the key being used. It is clear that this is still beyond the computing reach of most mortals, but what is within the reach of a superpower, especially if we also consider that the authors say they can improve the attack on AES-256/14 to a complexity of only 2^110.5? Having said that, although the NSA says AES-128/10 is safe for SECRET and AES-192/12 and AES-256/14 for TOP SECRET, the truth is that, given the above, AES-128/10 is more secure than AES-256/14.
But if the above does not worry us too much, there is another interesting article, dated August 19, 2009, and signed by the reputable Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich and Adi Shamir. In this article they discuss something much more worrying about AES-256: they succeed in attacking AES-256/9 with a mathematical complexity of only 2^39 operations, against AES-256/10 with a complexity of only 2^45, and they consider that AES-256/11 could have a complexity of only 2^70, all values well below those achieved by Biryukov and Khovratovich.
Granted, this is not yet AES-256/14, but it is clear that there is a serious problem with AES-256, even though they have only reached 10 rounds and speculated a little about 11 rounds. Again I ask myself: is this outside the reach of the NSA, with all its technical means and its thousands of mathematicians on staff?
Well, to be fair, there is another catch in the approach of Shamir and his friends: these attacks are not practical against the Wikileaks file, at least not from our side, because they require known plaintexts (and we do not know exactly what the file contains). That is, for the U.S. Government it is complicated, but not as much as for us, who have nothing to start working from. The earlier attacks are called "related-key" attacks, that is, it is assumed that the cryptanalyst has access to a range of plaintexts encrypted under several different keys that have a specific relationship between them.
It seems demonstrated that in the case of AES, the larger the key size, the lower the difficulty of breaking it. This may mean that the number of rounds was not chosen correctly for each key size, perhaps as a compromise between security and speed, but in the end the AES-192/12 and AES-256/14 versions have been compromised. The two papers we have reviewed above say the same thing in different words: at this point AES-128/10 is safer than AES-256/14, and in strict terms we can consider the latter broken since the first results of Biryukov and Khovratovich, as its strength under certain conditions is lower than that of a brute-force attack.
Since Bruce Schneier already recommended on his blog, on July 30, 2009, that AES-128/10 be used instead of AES-256/14, it is curious, and no less disturbing, that those responsible for Wikileaks, as concerned about security as they are, decided to protect their lifesaving file with a broken AES-256.
If you had asked me, if I were seeking absolute assurance that the file would not be opened within a reasonable time and my life depended on it, I would not have opted for AES-256/14, which, strictly speaking, at this point is nowhere near what we consider safe, but rather less secure than the DES it was intended to replace.
"Copyleft 2010 Fernando Acero Martín. Verbatim copying, translation and distribution of this article is permitted in its entirety in any digital medium, provided this notice is preserved. Quotation is allowed."