Results 1 - 4 of 4
Key Recovery Attacks of Practical Complexity on AES Variants With Up To 10 Rounds
Cited by 9 (0 self)
Abstract. AES is the best known and most widely used block cipher. Its three versions (AES-128, AES-192, and AES-256) differ in their key sizes (128 bits, 192 bits and 256 bits) and in their number of rounds (10, 12, and 14, respectively). In the case of AES-128, there is no known attack which is faster than the $2^{128}$ complexity of exhaustive search. However, AES-192 and AES-256 were recently shown to be breakable by attacks which require $2^{176}$ and $2^{119}$ time, respectively. While these complexities are much faster than exhaustive search, they are completely non-practical, and do not seem to pose any real threat to the security of AES-based systems. In this paper we describe several attacks which can break with practical complexity variants of AES-256 whose number of rounds are comparable to that of AES-128. One of our attacks uses only two related keys and $2^{39}$ time to recover the complete 256-bit key of a 9-round version of AES-256 (the best previous attack on this variant required 4 related keys and $2^{120}$ time). Another attack can break a 10 round version of AES-256 in $2^{45}$ time, but it uses a stronger type of related subkey attack (the best previous attack on this variant required 64 related keys and $2^{172}$ time). While neither AES-128 nor AES-256 can be directly broken by these attacks, the fact that their hybrid (which combines the smaller number of rounds from AES-128 along with the larger key size from AES-256) can be broken with such a low complexity raises serious concern about the remaining safety margin offered by the AES family of cryptosystems.
Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES
In Advances in Cryptology - CRYPTO '96, 1996
Cited by 4 (0 self)
Abstract. We present new attacks on key schedules of block ciphers. These attacks are based on the principles of related-key differential cryptanalysis: attacks that allow both keys and plaintexts to be chosen with specific differences. We show how these attacks can be exploited in actual protocols and cryptanalyze the key schedules of a variety of algorithms, including three-key triple-DES.
Robust and Secure Password and Key Change Method
1994
Cited by 1 (0 self)
This paper discusses issues and idiosyncrasies associated with changing passwords and keys in distributed computer systems.
Towards Designing a Trusted Routing Solution in Mobile Ad Hoc Networks
2005
Cited by 1 (0 self)
Abstract. Designing a trusted and secure routing solution in an untrustworthy scenario is always a challenging problem. Lack of physical security and low trust levels among nodes in an ad hoc network demands a secure end-to-end route free of any malicious entity. This is particularly challenging when malicious nodes collude with one another to disrupt the network operation. In this paper we have designed a secure routing solution to find an end-to-end route free of malicious nodes with collaborative effort from the neighbors. We have also extended the solution to secure the network against colluding malicious nodes, which, to the best of our knowledge, is the first such solution proposed. We have also proposed a framework for computing and distributing trusts that can be used with our trusted routing protocol. Our proposed framework is unique and different from the other schemes in that it tries to analyze the psychology of the attacker and quantifies the behavior in the computational model. Extensive simulation has been carried out to evaluate the design of our protocol.

