Visit my homepage and check the paper to verify the following points:
1. Mathematically, both attacks are the same.
(this *alone* makes the renaming of AIDA into "cube" a plagiarism)
2. Precisely, by the above-mentioned citation, Dinur and Shamir reveal that they understood my attack. The "special" case of having "some key bit or to the sum of two key bits" applies in praxi as well to D./Sh.'s findings. My paper treats, of course, also the general case of many linear or even quadratic terms.
3. The main difference between the AIDA paper and the "cube attack" paper seems to be the faster linearity tests. These are implementation details, to be distinguished sharply from the actual attack itself.
Also, real attacks require *lots* of hypercubes to be searched. Here, the "Wavefront Model" and applying the Fast Reed-Muller Transform are mandatory; BLR alone does not help. See my paper "Speeding up AIDA, the Algebraic IV Differential Attack, by the Fast Reed-Muller Transform" in Proc. ISKE 2009, pp. 504-513.
* * * * * * *
He who steals a car is a thief.
He who then repaints it, puts on bigger tyres and more comfortable seats, does not become the owner.
The fact that such a thief already had a Rolls-Royce (RSA) and a Mercedes (DCA) in his garage (both partly owned) would not make the "taking" of the new car any more legal.
And, finally, applause for such action by bystanders blinded by the sheer beauty of the Rolls is less a sign of acquired legality than of the perverted thinking going on in today's Crypto "community".