![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Bruce Schneier is one of eight designers of Skein, an entrant for the NIST SHA-3 competition. It's extremely robust, and has proven very difficult to attack.
Which is why a group of very clever cryptanalysts invented a completely new type of cryptanalytic attack to use against Threefish, the block cipher underlying Skein. The crypto community is still trying to figure out how the new attack changes the crypto landscape.
Brilliant as it is, though, the new "known-key distinguisher attack" still didn't really work. It was able to distinguish between a reduced-round — 57 of 72 rounds — Threefish ciphertext and a random permutation, but doesn't actually recover any key bits, requires that the attacker be able to manipulate both plaintexts and keys "in a structured way", and is only marginally faster than a brute-force attack. Even then, it can only distinguish Threefish ciphertext, and doesn't actually affect Skein itself (yet). Further, Schneier and the other Skein designers were able to identify a way to block the new attack by changing a single constant in Threefish's key schedule, which prevents the attack from being able to distinguish between Threefish ciphertext and random permutation beyond 33 of 72 Threefish rounds, and have made that change as a second-round tweak permitted by the NIST.
Still, it illustrates a point: Both cryptography and cryptanalysis only get better over time. When you run into a problem where none of the existing tools work, the truly clever cryptologist devises a new tool.
no subject
no subject