Questions tagged [biclique-attack]

A biclique attack is a variant of the meet-in-the-middle (MITM) method of cryptanalysis.

A biclique attack is a variant of the meet-in-the-middle (MITM) method of cryptanalysis. It utilizes a biclique structure to extend the number of possibly attacked rounds by the MITM attack. Since biclique cryptanalysis is based on MITM attacks, it is applicable to both block ciphers and (iterated) hash-functions.

Biclique attacks are known for having broken both full AES and full IDEA, though only with slight advantage over brute force. It has also been applied to the KASUMI cipher and preimage resistance of the Skein-512 and SHA-2 hash functions.

3 questions

votes

1 answer

Does the Biclique attack on AES pose a credible risk to its security?

I have heard a lot about the biclique cryptanalysis research on AES, which as far as I know is the closest anyone has got to breaking AES. Exactly how close did they get? Does this attack propose a credible risk to my using AES today? Exactly how…

asked Apr 21 '12 at 17:05

goldroger

1,737
8
33
41

votes

1 answer

How was the complexity of the Biclique Attack calculated?

The abstract of the Biclique Attack paper claims: The first key recovery attack on the full AES-128 with computational complexity $2^{126.1}$. What does $2^{126.1}$ mean in this context? And where does this value come from?

cryptanalysis aes biclique-attack

asked Apr 29 '12 at 15:57

goldroger

1,737
8
33
41

votes

1 answer

Can you explain what the AES paper means by "sharing active S-boxes"?

I am reading the "Biclique cryptanalysis of the full AES" paper. What do they mean by "sharing active S-boxes"? How can this concept can be advantageous to make a bicycle? If there is someone who reads this paper, please explain it to me.

aes cryptanalysis biclique-attack

asked Jul 18 '13 at 16:12

wrya karim