Block Ciphers: Algebraic Cryptanalysis and Gröbner Bases

Chapter in: Gröbner Bases, Coding, and Cryptography

Abstract

Block ciphers are one of the most important classes of cryptographic algorithms in current use. Commonly used to provide confidentiality for the transmission and storage of information, they encrypt and decrypt blocks of data according to a secret key. Several recently proposed block ciphers (in particular the AES (Daemen and Rijmen, The Design of Rijndael, Springer, Berlin, 2002)) exhibit a highly algebraic structure: their round transformations are based on simple algebraic operations over a finite field of characteristic 2. This has caused an increasing amount of cryptanalytic attention to be directed to the algebraic properties of these ciphers. Of particular interest is the proposal of the so-called algebraic attacks against block ciphers. In these attacks, a cryptanalyst describes the encryption operation as a large set of multivariate polynomial equations which, once solved, can be used to recover the secret key. Thus the difficulty of solving these systems of equations is directly related to the cipher's security. As a result, computational algebra is becoming an important tool for the cryptanalysis of block ciphers. In this paper we give an overview of block cipher design and recall some of the work that has been developed in the area of algebraic cryptanalysis. We also consider a few computational and algebraic techniques that could be used in the analysis of block ciphers and discuss possible directions for future work.
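The abstract's central idea, writing a cipher component as polynomial equations over GF(2) and treating the key bits as unknowns, can be seen on a single 4-bit S-box. The following Python example is added here and is not code from the chapter or its authors; it uses the PRESENT S-box from the CHES 2007 paper cited below, derives both the explicit equations y_j = S_j(x) (degree at most 3) and a basis of the quadratic relations that the algebraic-attack literature counts per S-box, and then recovers the key of a constructed one-round toy cipher by keeping only the keys on which the equations vanish. The function names, the variable encoding and the toy cipher are assumptions made for this example; at this size exhaustive evaluation of the 16 keys takes the place of a Gröbner-basis or XL solver.

```python
"""Added example (not from the chapter): expressing a 4-bit S-box as GF(2)
polynomial equations, the first step of the algebraic attacks described in
the abstract.  The S-box is PRESENT's (Bogdanov et al., CHES 2007); the
function names and the one-round toy cipher are constructed for illustration."""
from itertools import combinations

N = 4  # S-box width in bits
# PRESENT S-box, as published in the CHES 2007 paper.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

# A polynomial over GF(2) is a frozenset of monomials.  A monomial is a bitmask
# over 2N variables: bits 0..N-1 are the S-box input bits x_i, bits N..2N-1 the
# output bits y_j.  A point (x, y) is encoded the same way: x | (y << N).

def anf(truth_table):
    """Möbius transform: truth table indexed by input -> monomials of the ANF."""
    coef = list(truth_table)
    for b in range(len(coef).bit_length() - 1):
        for u in range(len(coef)):
            if u & (1 << b):
                coef[u] ^= coef[u ^ (1 << b)]
    return frozenset(u for u, c in enumerate(coef) if c)

def evaluate(poly, point):
    """Value of poly at point: parity of the monomials whose variables are all 1."""
    return sum(1 for m in poly if m & point == m) & 1

def explicit_equations(sbox):
    """Equations y_j + S_j(x) = 0, one per output bit."""
    return [anf([(s >> j) & 1 for s in sbox]) ^ {1 << (N + j)} for j in range(N)]

def algebraic_degree(sbox):
    """Highest degree of any monomial in the ANF of any output bit."""
    return max(bin(m).count("1") for j in range(N)
               for m in anf([(s >> j) & 1 for s in sbox]))

def quadratic_relations(sbox):
    """Basis of all quadratic polynomials in x, y vanishing on every (x, S(x)):
    the GF(2) null space of the 16 x 37 matrix of monomials evaluated on the graph."""
    monos = ([0] + [1 << i for i in range(2 * N)]
             + [(1 << i) | (1 << j) for i, j in combinations(range(2 * N), 2)])
    rows = [sum(1 << c for c, m in enumerate(monos) if m & pt == m)
            for pt in (x | (sbox[x] << N) for x in range(1 << N))]
    pivots = {}  # pivot column -> row, kept in reduced row-echelon form
    for r in rows:
        for col, prow in pivots.items():
            if r >> col & 1:
                r ^= prow
        if r:
            col = r.bit_length() - 1
            for c in list(pivots):
                if pivots[c] >> col & 1:
                    pivots[c] ^= r
            pivots[col] = r
    # One null-space vector per free column: set that column, then set exactly the
    # pivot columns whose reduced row has a 1 there, so every row sums to zero.
    relations = []
    for free in range(len(monos)):
        if free in pivots:
            continue
        vec = {free} | {col for col, prow in pivots.items() if prow >> free & 1}
        relations.append(frozenset(monos[c] for c in vec))
    return relations

def toy_encrypt(p, k, sbox=PRESENT_SBOX):
    """Constructed one-round toy cipher: XOR the key, then apply the S-box."""
    return sbox[p ^ k]

def recover_key(pairs, equations):
    """Substitute x = p ^ k, y = c for each known (p, c) and keep the keys on
    which every equation vanishes.  Exhaustive evaluation over the 16 keys stands
    in for the Gröbner-basis or XL solver that would be used at real sizes."""
    return [k for k in range(1 << N)
            if all(evaluate(eq, (p ^ k) | (c << N)) == 0
                   for p, c in pairs for eq in equations)]

if __name__ == "__main__":
    print("algebraic degree:", algebraic_degree(PRESENT_SBOX))          # 3
    print("independent quadratic relations:",
          len(quadratic_relations(PRESENT_SBOX)))                       # 21
    pairs = [(p, toy_encrypt(p, 0xA)) for p in (3, 12)]
    print("keys consistent with the explicit system:",
          recover_key(pairs, explicit_equations(PRESENT_SBOX)))         # [10]
```

Running the block reports algebraic degree 3 and 21 independent quadratic relations for the PRESENT S-box, the count given in the PRESENT paper, and prints the single key consistent with the explicit system. The quadratic basis alone is not guaranteed to exclude every point off the S-box graph, so with it the true key is always among the candidates but wrong keys may survive; that is why the key-recovery call uses the explicit equations, while the quadratic relations are what the XSL and Gröbner-basis approaches feed to the solver.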


References

  • S. B. Akers, Binary decision diagrams, IEEE Trans. on Computers 27 (1978), no. 6, 509–516.

  • M. Albrecht, Algebraic attacks on the Courtois Toy Cipher, Master's thesis (Diplomarbeit), Universität Bremen, 2007.

  • M. Albrecht and C. Cid, Algebraic techniques in differential cryptanalysis, Cryptology ePrint Archive, Report 2008/177, 2008, http://eprint.iacr.org/.

  • F. Armknecht and G. Ars, Algebraic attacks on stream ciphers with Gröbner bases, this volume, 2009, pp. 329–348.

  • G. Ars, Applications of Gröbner bases to cryptography, Ph.D. thesis, University of Rennes I, 2005.

  • G. Ars, J. C. Faugère, H. Imai, M. Kawazoe, and M. Sugita, Comparison between XL and Gröbner basis algorithms, Proc. of ASIACRYPT 2004 (P. J. Lee, ed.), LNCS, vol. 3329, Springer, Berlin, 2004, pp. 338–353.

  • O. Billet and J. Ding, Overview of cryptanalysis techniques in multivariate public key cryptography, this volume, 2009, pp. 263–283.

  • A. Biryukov, Methods of cryptanalysis, Ph.D. thesis, Technion, 1999.

  • A. Biryukov and C. De Cannière, Block ciphers and systems of quadratic equations, Proc. of FSE 2003, LNCS, vol. 2887, Springer, Berlin, 2003, pp. 274–289.

  • A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann, M. Robshaw, Y. Seurin, and C. Vikkelsoe, PRESENT: An ultra-lightweight block cipher, Proc. of CHES 2007, LNCS, vol. 7427, Springer, Berlin, 2007, pp. 450–466.

  • M. Brickenstein, Gröbner bases with slim polynomials, Reports in Comp. Alg. 35, Univ. Kaiserslautern, Kaiserslautern, 2005, http://www.mathematik.uni-kl.de/.

  • M. Brickenstein and A. Dreyer, PolyBoRi: A framework for Gröbner basis computations with Boolean polynomials, Elec. Proc. of MEGA 2007, 2007, http://www.ricam.oeaw.ac.at/mega2007/electronic/26.pdf.

  • B. Buchberger, Ein Algorithmus zum Auffinden der Basiselemente des Restklassenringes nach einem nulldimensionalen Polynomideal, Ph.D. thesis, Innsbruck, 1965.

  • B. Buchberger, Gröbner bases: An algorithmic method in polynomial ideal theory, Multidimensional Systems Theory, Reidel, Dordrecht, 1985, pp. 184–232.

  • B. Buchberger, Bruno Buchberger's PhD thesis 1965: An algorithm for finding the basis elements of the residue class ring of a zero dimensional polynomial ideal, J. Symb. Comput. 41 (2006), nos. 3–4, 475–511.

  • J. Buchmann, A. Pyshkin, and R. P. Weinmann, A zero-dimensional Gröbner basis for AES-128, Proc. of FSE 2006, LNCS, vol. 4047, Springer, Berlin, 2006a, pp. 78–88.

  • J. Buchmann, A. Pyshkin, and R. P. Weinmann, Block ciphers sensitive to Gröbner basis attacks, Proc. of CT-RSA 2006, LNCS, vol. 3860, Springer, Berlin, 2006b, pp. 313–331.

  • C. Carlet, Boolean functions for cryptography and error correcting codes, chapter in: Boolean Methods and Models, Cambridge University Press, 2009, to appear.

  • C. Cid and G. Leurent, An analysis of the XSL algorithm, Proc. of ASIACRYPT 2005, LNCS, vol. 3788, Springer, Berlin, 2005, pp. 333–352.

  • C. Cid, S. Murphy, and M. J. B. Robshaw, An algebraic framework for cipher embeddings, Proc. of 10th IMA International Conference on Coding and Cryptography, LNCS, vol. 3796, Springer, Berlin, 2005a, pp. 278–289.

  • C. Cid, S. Murphy, and M. J. B. Robshaw, Small scale variants of the AES, Proc. of FSE 2005, LNCS, vol. 3557, Springer, Berlin, 2005b, pp. 145–162.

  • C. Cid, S. Murphy, and M. J. B. Robshaw, Algebraic aspects of the Advanced Encryption Standard, Springer, Berlin, 2007.

  • N. T. Courtois, How fast can be algebraic attacks on block ciphers?, Cryptology ePrint Archive, Report 2006/168, 2006, http://eprint.iacr.org/.

  • N. T. Courtois, CTC2 and fast algebraic attacks on block ciphers revisited, Cryptology ePrint Archive, Report 2007/152, 2007, http://eprint.iacr.org/.

  • N. T. Courtois and G. V. Bard, Algebraic cryptanalysis of the Data Encryption Standard, Cryptography and Coding, LNCS, vol. 4887, Springer, Berlin, 2007, pp. 152–169.

  • N. Courtois and J. Pieprzyk, Cryptanalysis of block ciphers with overdefined systems of equations, Cryptology ePrint Archive, Report 2002/044, 2002a, http://eprint.iacr.org/2002/044/.

  • N. Courtois and J. Pieprzyk, Cryptanalysis of block ciphers with overdefined systems of equations, Proc. of ASIACRYPT 2002, LNCS, vol. 2501, Springer, Berlin, 2002b, pp. 267–287.

  • N. Courtois, A. Klimov, J. Patarin, and A. Shamir, Efficient algorithms for solving overdefined systems of multivariate polynomial equations, Proc. of EUROCRYPT 2000, LNCS, vol. 1807, Springer, Berlin, 2000, pp. 392–407.

  • N. Courtois, G. V. Bard, and D. Wagner, Algebraic and slide attacks on KeeLoq, Proc. of FSE 2008, LNCS, vol. 5086, Springer, Berlin, 2008, pp. 97–115.

  • J. Daemen and V. Rijmen, The Design of Rijndael, Springer, Berlin, 2002.

  • O. Dunkelman and N. Keller, Linear cryptanalysis of CTC, Cryptology ePrint Archive, Report 2006/250, 2006, http://eprint.iacr.org/.

  • N. Eén and N. Sörensson, MiniSat: a SAT solver with conflict-clause minimization, 2006, http://www.cs.chalmers.se/Cs/Research/FormalMethods/MiniSat/Main.html.

  • J. C. Faugère, A new efficient algorithm for computing Gröbner bases (F4), J. Pure Appl. Algebra 139 (1999), nos. 1–3, 61–88.

  • J. C. Faugère, Gröbner bases. Applications in cryptology, talk at FSE 2007, 2007.

  • J. C. Faugère, P. Gianni, D. Lazard, and T. Mora, Efficient computation of zero-dimensional Gröbner bases by change of ordering, J. Symbolic Comput. 16 (1993), no. 4, 329–344.

  • H. Feistel, Cryptography and computer privacy, Scientific American 228 (1973), no. 5, 15–23.

  • T. Jakobsen and L. R. Knudsen, The interpolation attack on block ciphers, Proc. of FSE 1997, LNCS, vol. 1267, Springer, Berlin, 1997, pp. 28–40.

  • A. Kerckhoffs, La cryptographie militaire, Journal des Sciences Militaires (1883a), 161–191.

  • A. Kerckhoffs, La cryptographie militaire, Journal des Sciences Militaires IX (1883b), 3–72.

  • C. Y. Lee, Representation of switching circuits by binary-decision programs, Bell System Technical Journal 38 (1959), 985–999.

  • C. W. Lim and K. Khoo, Detailed analysis on XSL applied to BES, Proc. of FSE 2007, LNCS, vol. 4593, Springer, Berlin, 2007, pp. 242–253.

  • J. J. Cannon and W. Bosma (eds.), Handbook of MAGMA Functions, edition 2.15, 2008.

  • A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography, CRC Press Series on Discrete Mathematics and Its Applications, CRC Press, Boca Raton, 1997.

  • S. Murphy and M. J. B. Robshaw, Essential algebraic structure within the AES, Proc. of CRYPTO 2002, LNCS, vol. 2442, Springer, Berlin, 2002, pp. 1–16.

  • M. A. Musa, E. F. Schaefer, and S. Wedig, A simplified AES algorithm and its linear and differential cryptanalysis, Cryptologia XXVII (2003), no. 2, 148–177.

  • National Bureau of Standards, The Data Encryption Standard, Federal Information Processing Standards Publication (FIPS) 46, 1977.

  • National Institute of Standards and Technology, The Advanced Encryption Standard, Federal Information Processing Standards Publication (FIPS) 197, 2001.

  • K. Nyberg, Differentially uniform mappings for cryptography, Proc. of EUROCRYPT 1993, LNCS, vol. 765, Springer, Berlin, 1994, pp. 55–64.

  • R. C. W. Phan, Mini Advanced Encryption Standard (Mini-AES): A testbed for cryptanalysis students, Cryptologia XXVI (2002), no. 4, 283–306.

  • H. Raddum and I. Semaev, New technique for solving sparse equation systems, Cryptology ePrint Archive, Report 2006/475, 2006, http://eprint.iacr.org/.

  • H. Raddum and I. Semaev, Solving MRHS linear equations, Proc. of WCC 2007, INRIA, 2007, pp. 323–332.

  • B. Schneier, The Blowfish encryption algorithm, Dr. Dobb's Journal (1994), 38–40.

  • C. E. Shannon, Communication theory of secrecy systems, Bell System Tech. J. 28 (1949), 656–715.

  • T. Shimoyama and T. Kaneko, Quadratic relation of S-box and its application to the linear attack of full round DES, Proc. of CRYPTO 1998, LNCS, vol. 1462, Springer, Berlin, 1998, pp. 200–211.

  • W. Stein, Sage: Open Source Mathematical Software (Version 2.8.5), The Sage Group, 2008, http://www.sagemath.org.

  • S. Collart, M. Kalkbrener, and D. Mall, Converting bases with the Gröbner walk, J. of Symbolic Comput. 24 (1997), nos. 3–4, 465–469.

  • I. Toli and A. Zanoni, An algebraic interpretation of AES-128, Proc. of AES 2004, LNCS, vol. 3373, Springer, Berlin, 2005, pp. 84–97.

Correspondence to Carlos Cid.

© 2009 Springer-Verlag Berlin Heidelberg

Cite this chapter

Cid, C., Weinmann, R.-P. (2009). Block Ciphers: Algebraic Cryptanalysis and Gröbner Bases. In: Sala, M., Sakata, S., Mora, T., Traverso, C., Perret, L. (eds) Gröbner Bases, Coding, and Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-93806-4_17
