Fem kryptoforskare vid namn Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, samt Adi Shamir har hittat en ny attack mot AES. Attacken går ut på en såkallad related-key attack då bl.a. klartexten måste kännas till. Denna attack gäller bara 11-rounds av AES-256 varav det som rekommenderas är 14-rounds.

Kryptoexperten Bruce Schneier skriver följande:

Cryptography is all about safety margins. If you can break n round of a cipher, you design it with 2n or 3n rounds. What we’re learning is that the safety margin of AES is much less than previously believed. And while there is no reason to scrap AES in favor of another algorithm, NST should increase the number of rounds of all three AES variants. At this point, I suggest AES-128 at 16 rounds, AES-192 at 20 rounds, and AES-256 at 28 rounds. Of maybe even more; we don’t want to be revising the standard again and again.

Här kan du läsa all information: http://eprint.iacr.org/2009/374