G. Carter et. al., Key schedule classification of the AES candidates, submission for The Second AES Conference, 1999, available at [2].  Home/Search   Document Details and Download   Summary   Related Articles

....attacks is not an intrinsic algorithm characteristic. Thus, considerations such as the above did not play a primary role in deciding advancement to Round 2; much more attention was paid to general attacks which are essentially implementation independent. 2.5. 3 Implicit Key Schedule Weaknesses In [9] an interesting theory is developed concerning the resistance of the key schedules of the candidates to attack. A more general question is the following: if an attacker gains access to a subkey (or, in some cases, a whitening key) does this yield information about other subkeys or the master key ....

....following: if an attacker gains access to a subkey (or, in some cases, a whitening key) does this yield information about other subkeys or the master key If so, this might be termed an implicit (or perhaps conditional) key schedule weakness. Unfortunately, the classification of key schedules in [9] is somewhat ill posed. Nonetheless, this theory raises an issue that has had significant consequences in practice, particularly in connection with attacks on smart card implementations. Further research on this subject would be useful. At the present time, two attacks are known which exploit ....

G. Carter et. al., Key schedule classification of the AES candidates, submission for The Second AES Conference, 1999, available at [2].

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC