Paper 2003/022

Did Filiol Break AES ?

Nicolas T. Courtois, Robert T. Johnson, Pascal Junod, Thomas Pornin, and Michael Scott

Abstract

On January 8th 2003, Eric Filiol published on the eprint a paper (eprint.iacr.org/2003/003/) in which he claims that AES can be broken by a very simple and very fast ciphertext-only attack. If such an attack existed, it would be the biggest discovery in code-breaking since some 10 or more years. Unfortunately the result is very hard to believe. In this paper we present the results of computer simulations done by several independent people, with independently written code. Nobody has confirmed a single anomaly in AES, even for much weaker versions of the bias claimed by the author. We also studied the source code provided by the author to realize that the first version had various issues and bugs, and the latest version still does not confirm the claimed result on AES.

Note: Filiol modified many times his claims and his results on AES. Yet, none of these have ever been confirmed by a single person other than the author. The latest source code from July 2003 does not break AES either, see Appendix B.2.

Metadata
Available format(s)
PDF PS
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
block ciphersAESboolean functionslinear cryptanalysisciphertext-only attacksstream ciphers
Contact author(s)
courtois @ minrank org
History
2003-07-22: last of 4 revisions
2003-02-05: received
See all versions
Short URL
https://ia.cr/2003/022
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2003/022,
      author = {Nicolas T.  Courtois and Robert T.  Johnson and Pascal Junod and Thomas Pornin and Michael Scott},
      title = {Did Filiol Break AES ?},
      howpublished = {Cryptology ePrint Archive, Paper 2003/022},
      year = {2003},
      note = {\url{https://eprint.iacr.org/2003/022}},
      url = {https://eprint.iacr.org/2003/022}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.