In the Cryptographers Panel session at the RSA Conference Tuesday, Adi Shamir said that he is working with a team of researchers who have put together a paper that describes an attack that will break AES 128 within 10 rounds.
“And if you go to AES 256, we can break the entire cryptosystem,” Shamir said.
AES has three key sizes: 128-bit, 192-bit and 256-bit. Researchers in the past have developed related-key attacks against the 192-bit and 256-bit versions of AES, but the attacks aren’t considered practical. The new attack against 128-bit AES is much more feasible.
Shamir, one of the inventors of the RSA algorithm, was speaking on the panel with Ron Rivest, Brian Snow of the National Security Agency, Martin Hellman of Stanford University, Whit Diffie, and Ari Juels of RSA Security. The panel, which is an annual event at the RSA Conference, usually provides some of the more interesting anecdotes of the conference, and this year’s was no exception.
In addition to the work against AES, which is the encryption standard used in many cryptosystems today, Rivest said that he expects 1024-bit RSA encryption to be broken relatively soon.
“I expect that RSA 1024 will be broken within a decade,” Rivest said. “People should start moving to 2048 soon.”
Rivest, a professor at MIT who worked with Shamir and Len Adleman to design the original RSA algorithm, also said that he still gets email and calls from people wanting to use the MD5 hash function, which he designed in 1991. MD5 was widely used, but has been shown to have several weaknesses in recent years.
“I always say to them, ‘Don’t you understand that MD5 is an extinct hash function? It’s dead,’” Rivest said.
Juels, chief scientist at RSA Labs, moderated the panel and asked all of the speakers whether they had ever done anything foolish.
“I’ve rarely done anything else,” Diffie said, which got a nice laugh from the crowd.
Hellman took the question a bit more seriously, but essentially echoed Diffie’s answer, saying that his original research with Diffie in the 1970s that led to the invention of public-key cryptography was looked at as a black hole when they started it.
“I was told by all of my colleagues that cryptography was a waste of time. The NSA had a massive budget, we didn’t know how big at the time, and they had been working on the problem for decades. We were told there’s no way we’d discover anything that they hadn’t already found, and if we did, they’d classify it,” Hellman said.