mrlazyboy t1_j1ohtkh wrote on December 26, 2022 at 2:41 AM

Reply to comment by jared555 in An IBM Quantum Computer Will Soon Pass the 1,000-Qubit Mark by giuliomagnifico

Which mode of operation?

jared555 t1_j1ombmi wrote on December 26, 2022 at 3:23 AM

https://en.m.wikipedia.org/wiki/Biclique_attack

mrlazyboy t1_j1ov2cl wrote on December 26, 2022 at 4:47 AM

That’s a theoretical attack (not practical) and it looks like it’s only applicable to ECB mode, not something like CBC or GCM

jared555 t1_j1srlsr wrote on December 27, 2022 at 2:42 AM

Isn't any attack that we don't have the computational power to test going to be theoretical?

mrlazyboy t1_j1su83d wrote on December 27, 2022 at 3:04 AM

Not necessarily, but it depends.

Anything worth securing is using AES256 with GCM so this attack in particular has a computational complexity of 2^254 which is effectively infinity. The computational complexity of this problem is probably greater than the number of atoms in the universe.

Even using a quantum computer, the computational complexity using this attack would be equivalent to AES128 which is still a number you don't have the ability to even conceptualize.

If you want practical attacks against this type of thing, you should check out the BEAST, Lucky13, and CRIME attacks. Those are practical attacks against SSL and TLS.

Practical attacks are those you can actually execute in the wild. I think CRIME (a chosen plaintext attack that takes advantage of compression) only requires about 20,000 messages which is relatively small.

maqp2 t1_j1tmlug wrote on December 27, 2022 at 8:07 AM

Yeah, the 1.6-bit improvement is roughly 3.03x improvement. It's interesting we haven't yet seen snake oil claims like "AES 66% broken". In layman's terms, it's kind of like having to eat a cake that's 1/3rd the size of our galaxy. Sure, you got rid of 2/3rds of the cake size but your stomach will only fit so much.