Collision Attacks Against 64-Bit Block Ciphers
We’ve long known that 64 bits is too small for a block cipher these days. That’s why new block ciphers like AES have 128-bit, or larger, block sizes. The insecurity of the smaller block is nicely illustrated by a new attack called “Sweet32.” It exploits the ability to find block collisions in Internet protocols to decrypt some traffic, even though the attackers never learn the key.
Paper here. Matthew Green has a nice explanation of the attack. And some news articles. Hacker News thread.
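To make the collision idea concrete, here is an added example (not from the paper or the original post) that assumes CBC mode, the mode Sweet32 targets, and uses a constructed 16-bit toy cipher so a collision appears instantly. It shows that two equal ciphertext blocks reveal the XOR of two plaintext blocks without the key, and why the safe data volume per key scales with 2^(n/2) blocks.

```python
import random

BLOCK_BITS = 16            # toy block size (assumption) so collisions appear quickly
SPACE = 1 << BLOCK_BITS

def toy_cipher(key):
    """Constructed stand-in for a block cipher: a key-seeded random permutation."""
    table = list(range(SPACE))
    random.Random(key).shuffle(table)
    return table

def cbc_encrypt(perm, iv, blocks):
    """CBC: each plaintext block is XORed with the previous ciphertext block."""
    out, prev = [], iv
    for p in blocks:
        prev = perm[p ^ prev]
        out.append(prev)
    return out

def first_collision(ciphertext):
    """Return indices (i, j), i < j, of the first repeated ciphertext block."""
    seen = {}
    for j, c in enumerate(ciphertext):
        if c in seen:
            return seen[c], j
        seen[c] = j
    return None

def leaked_xor(iv, ciphertext, i, j):
    """XOR of plaintext blocks i and j, computed from ciphertext and IV only."""
    chain = [iv] + ciphertext          # chain[k] is what was XORed into plaintext k
    return chain[i] ^ chain[j]

def birthday_bytes(block_bits):
    """Data volume where collisions become likely: 2^(n/2) blocks of n/8 bytes."""
    return (1 << (block_bits // 2)) * (block_bits // 8)

def demo(key=1, seed=2):
    rng = random.Random(seed)
    perm = toy_cipher(key)
    iv = rng.randrange(SPACE)
    # SPACE + 1 blocks: by pigeonhole, at least one ciphertext value repeats.
    plaintext = [rng.randrange(SPACE) for _ in range(SPACE + 1)]
    ct = cbc_encrypt(perm, iv, plaintext)
    i, j = first_collision(ct)
    return i, j, plaintext[i] ^ plaintext[j], leaked_xor(iv, ct, i, j)

if __name__ == "__main__":
    i, j, true_xor, leak = demo()
    print(f"collision at blocks {i} and {j}; leak matches plaintext XOR: {true_xor == leak}")
    for n in (64, 128):
        print(f"{n}-bit block: collisions likely near {birthday_bytes(n):,} bytes per key")
```

For a 64-bit block the bound works out to 32 GiB under one key, which a long-lived connection can reach; for a 128-bit block it is 2^68 bytes.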