Cryptologists have now developed even more sophisticated attacks on AES encryption systems. According to crypto expert Bruce Schneier, a team consisting of Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich and Adi Shamir have managed to crack reduced versions of AES-256 in practical length of time. Attacking nine-round AES-256 required 239 time, which is even feasible with an ordinary PC, while ten-round would require 245. The time required for eleven rounds, however, is just above practicality at 270. The attack exploits a vulnerability in the key schedule, a function AES-256 uses to derive sub-keys from the main key.
While the new attacks represent major progress in the cryptanalysis of AES, they are still irrelevant for attacks against real-world AES implementations and this is not only because of the reduced number of rounds (by default, AES-256 uses 14 rounds). Also, the attack is a related-key attack, which means that the attacker must have access to the plaintext of several units of ciphertext encrypted with keys that are related in a specific way. Such scenarios can theoretically only be found, for example, in hard disk encryption and network protocols, where the individual block keys are generated in such a weak way.

The link for this article located at H Security is no longer available.