Vulnerabilities

On July 1, 2009, Bruce Schneier blogged about a related-key attack on the 192-bit and 256-bit versions of AES, discovered by Alex Biryukov and Dmitry Khovratovich, which exploits AES's somewhat simple key schedule and has a complexity of 2119

(Not confirmed) XSL attack:
The XSL attack is a method of cryptanalysis for block ciphers. The attack was first published in 2002 by researchers Nicolas Courtois and Josef Pieprzyk. It has caused some controversy as it was claimed to have the potential to break the AES cipher faster than an exhaustive search. Since AES is already widely used in commerce and government for the transmission of secret information, finding a technique that can shorten the amount of time it takes to retrieve the secret message without having the key could have wide implications.

In overview, the XSL attack relies on first analysing the internals of a cipher and deriving a system of quadratic simultaneous equations. These systems of equations are typically very large, for example 8000 equations with 1600 variables for the 128-bit AES. Several methods for solving such systems are known. In the XSL attack, a specialized algorithm, termed XSL (eXtended Sparse Linearisation), is then applied to solve these equations and recover the key. As it wasn’t confirmed, this attack to AES is only theoretical but it can become possible in the future