Doing a Time-Travel with the NIST (AES-256)
Santosh Pandit
Regulator | Creator of “Hard.Email” | Author of “Cyber Landscape in 2035”
For those into cryptography:
Today (23 December 2024), I find myself "time-travelling" alongside NIST, which has already published its proposal dated 24 December 2024 to “Standardize a Wider Variant of AES”. Shall we embrace this little oversight in the spirit of Christmas? I am just teasing. I love the work the folks at NIST do.
Potential confusion:
Some of you (and possibly your management) might find the announcement confusing. After all, AES-128 and AES-256 already exist, with the latter widely regarded as robust enough that no current computer can break it.
NIST’s proposal to widen AES-256 introduces a potential source of confusion, so let me explain what is happening in simple terms.
Currently, AES-128 and AES-256 refer to algorithms with 128-bit and 256-bit key sizes, respectively. However, both use a block size of 128 bits. NIST’s proposal involves doubling the block size to 256 bits for AES-256.
Advantages:
NIST’s proposal offers several potential benefits, including:
- Enhanced security against cryptanalytic attacks.
- Future-proofing encryption standards.
- Improved efficiency due to larger block sizes.
It is also great to see NIST engaging transparently with stakeholders in this process.
Potential Trouble:
However, there are practical concerns to address:
1) Hardware limitations: Many devices have native support for AES with 128-bit blocks. These devices could either become obsolete or experience slower processing speeds with the new standard.
2) Compatibility issues: Without software updates, systems relying on existing AES implementations may encounter problems.
3) Cryptanalysis: It is essential to rigorously test the new standard. We cannot simply assume that “twice the block size means twice the security”.
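As an added example (not part of the original post), the following Python code quantifies one reason a wider block matters and why doubling the block size does not simply double the security: the birthday bound on an n-bit block limits how much data one key can process in modes such as CBC, CTR or GCM before block collisions become likely enough to leak information. The collision model is the standard birthday approximation, an assumption added here.

```python
import math

# Added example, not from the original post. Block collisions under one key
# matter in practice: in CBC they reveal an XOR of two plaintext blocks, in
# CTR/GCM they reveal a relation between keystream blocks. The probability
# model below is the standard birthday approximation (an assumption).


def collision_probability(block_bits: int, data_bytes: int) -> float:
    """Approximate probability that two of the q = data_bytes / block_size
    blocks collide: p ~= q^2 / 2^(n+1) for an n-bit block."""
    q = data_bytes / (block_bits // 8)
    return (q * q) / 2.0 ** (block_bits + 1)


def max_bytes_per_key(block_bits: int, max_prob: float) -> int:
    """Largest data volume (bytes) one key may process while keeping the
    block-collision probability at or below max_prob."""
    q = math.sqrt(max_prob * 2.0 ** (block_bits + 1))
    return int(q) * (block_bits // 8)


def margin_gain_bits(narrow_bits: int, wide_bits: int, max_prob: float) -> int:
    """log2 of how much more data the wide block allows at the same risk.
    Going from a 128-bit to a 256-bit block allows 2^64 times more blocks
    (each twice as long), i.e. the safe volume is squared, not doubled."""
    ratio = max_bytes_per_key(wide_bits, max_prob) / max_bytes_per_key(narrow_bits, max_prob)
    return round(math.log2(ratio))


if __name__ == "__main__":
    risk = 2.0 ** -32  # a commonly used target collision probability
    for n in (128, 256):
        limit = max_bytes_per_key(n, risk)
        print(f"{n}-bit block: ~{limit / 2 ** 40:,.0f} TiB per key at p <= 2^-32")
    print("extra margin from widening 128 -> 256 bits:",
          margin_gain_bits(128, 256, risk), "bits")
```

With a 128-bit block the limit at p <= 2^-32 is on the order of a few PiB per key; the 256-bit block pushes it far beyond any realistic data volume.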
But why fix what is not broken?
This might be a valid question in life, but it does not apply to cryptography. Encryption algorithms must stay ahead of advances in cryptanalysis. Any initiative that strengthens cryptographic resilience deserves our support.
My recommendations:
This proposal is still a work in progress, and stakeholders should actively engage with NIST to contribute to its development.
Personally, I have preferred the ChaCha20 stream cipher over the AES block cipher for years (a topic for another time), and I do not plan to switch back to a wider AES just yet. However, crypto-agility, the ability to adapt to new cryptographic standards, is far more critical than personal preferences, and I strongly support this principle.
Santosh Pandit
London, 23 December 2024
Helping vendors, ISVs, and end-users to design and deploy quantum-secure encryption perimeters.
2 months ago: chalk one up for Cyberagility! Great share, Santosh.