This is a tumbling log of things and thoughts that pass my way.
If you got here by accident, you may want to visit my website instead.
"
The relationship between AES-128, AES-192, and AES-256 is more complicated, but the underlying structure is the same, so you would expect an attack on AES-128 to have an impact on AES-256 as well. Beyond that, it’s very hard to predict what form such attacks would take; otherwise those doing the predicting would be hard at work on their CRYPTO submissions. In particular, it’s hard to predict what the relative strength of the algorithms would be after such an attack.
This isn’t to say that AES-256 isn’t likely to be stronger than AES-128—most likely it is, even if there are better analytic attacks, if for no other reason than it uses more rounds—but it’s not really 2^128 bits stronger in any meaningful way. Either we don’t have any attacks better than those we have now, in which case there’s no practical attack and AES-256 is just super-duper secure (but infinity * 2^128 = infinity), or there are better attacks, in which case all bets are off. Much the same is true for the asymmetric algorithms.
"