Skip to main content
SpringerLink
Log in

Obtaining and Solving Systems of Equations in Key Variables Only for the Small Variants of AES

  • Published:
Mathematics in Computer Science Aims and scope Submit manuscript

Abstract

This work is devoted to attacking the small scale variants of the Advanced Encryption Standard (AES) via systems that contain only the initial key variables. To this end, we investigate a system of equations that naturally arises in the AES, and then introduce an elimination of all the intermediate variables via normal form reductions. The resulting system in key variables only is solved then. We also consider a possibility to apply our method in the meet-in-the-middle scenario especially with several plaintext/ciphertext pairs. We elaborate on the method further by looking for subsystems which contain fewer variables and are overdetermined, thus facilitating solving the large system.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Albrecht, M., Cid, C.: Algebraic Techniques in Differential Cryptanalysis. http://eprint.iacr.org/2008/177.pdf (2008)

  2. Albrecht, M., Cid, C.: Algebraic techniques in differential cryptanalysis. In: Proceedings of the First International Conference on Symbolic Computation and Cryptography, Beijing, China, pp. 55–60 (2008)

  3. Albrecht, M., Bard, G., The M4RI Team.: The M4RI Library—Version 20080901. http://m4ri.sagemath.org (2008)

  4. Bardet, M., Faugére, J.-C., Salvy, B.: On the complexity of Gröbner basis computation of semi-regular overdetermined algebraic equations. In: ICPSS Paris, pp. 71–75, November (2004)

  5. Barkan, E., Biham, E.: How many ways can you write Rijndael? In: ASIACRYPT 2002, Lecture Notes in Computer Science, vol. 2501, pp. 160–175 (2002)

  6. Billet, O., Patain, J., Seurin, Y.: Analysis of intermediate field systems. In: Proceedings of the First International Conference on Symbolic Computation and Cryptography, Beijing, China, pp. 110–117 (2008)

  7. Biryukov, A., Khovratovich, D.: Related-key cryptanalysis of the full AES-192 and AES-256. In: Asiacrypt’09 (in press)

  8. Bogdanov, A., Kizhvatov, I., Pyshkin, A.: Algebraic methods in side-channel collision attacks and practical collision detection. In: INDOCRYPT 2008, Lecture Notes in Computer Science, vol. 5365, pp. 251–265 (2008)

  9. Brickenstein, M.: Slimgb: Gröbner bases with slim polynomials. In: Zentrum für Computeralgebra, Kaiserslautern, September (2005)

  10. Brickenstein, M., Bulygin, S.: Attacking AES via solving systems in the key variables only. In: Proceedings of the First International Conference on Symbolic Computation and Cryptography, Beijing, China, pp. 118–123 (2008)

  11. Brickenstein M., Dreyer A.: PolyBoRi: a framework for Gröbner basis computation with Boolean polynomials. Special Issue Effect. Methods Algebraic Geom. J. Symb. Comput. 44(9), 1326–1345 (2009)

    MathSciNet  MATH  Google Scholar 

  12. Brickenstein, M., Dreyer, A.: PolyBoRi: a framework for Gröbner basis computation with Boolean polynomials. In: MEGA’2007 (2007)

  13. Brickenstein, M., Dreyer, A., Greuel, G., Wedler, M., Wienand, O.: New developments in the theory of Gröbner bases and applications to formal verification. http://arxiv.org/abs/0801.1177. Preprint (2008)

  14. Buchberger, B.: Ein Algorithmus zum Auffinden der Basiselemente des Restklassenrings nach einem nulldimensionalen Polynomideal. Universität Innsbruck, Dissertation (1965)

  15. Buchmann, J., Pyshkin, A., Weinmann, R.-P.: A zero-dimensional Groebner basis for AES-128. In: FSE 2006, Lecture Notes in Computer Science, vol. 4047, pp. 78–88 (2006)

  16. Buchmann, J., Pyshkin, A., Weinmann, R.-P.: Block ciphers sensitive to Groebner basis attacks. In: CT-RSA 2006, Lecture Notes in Computer Science, vol. 3860, pp. 313–331. Springer, New York (2006)

  17. Cannon, J.J., Bosma, W. (eds.): Handbook of Magma Functions, Edition 2.14 (2007)

  18. Cid, C., Leurent, G.: An analysis of the XSL algorithm. In: Roy, B. (ed.) Advances in Cryptology—ASIACRYPT 2005, Lecture Notes in Computer Science, vol. 3788, pp. 333–352 (2005)

  19. Cid C., Murphy S., Robshaw M.J.B.: Algebraic Aspects of the Advanced Encryption Standard. Springer, New York (2006)

    MATH  Google Scholar 

  20. Cid, C., Murphy, S., Robshaw, M.: An algebraic framework for cipher embeddings. In: Proceedings of the 10th IMA International Conference on Coding and Cryptography, Lecture Notes in Computer Science, vol. 3796, pp. 278–289 (2005)

  21. Cid, C., Murphy, S., Robshaw, M.: Computational and algebraic aspects of the advanced encryption standard. In: Seventh International Workshop on Computer Algebra in Scientific Computing, CASC 2004, pp. 93–103, St. Petersburg, Russia (2004)

  22. Cid, C., Murphy, S., Robshaw, M.: Small scale variants of the AES. In: Fast Software Encryption—FSE2005, Lecture Notes in Computer Science, vol. 3557, pp. 145–162 (2005)

  23. Clegg, M., Edmonds, J., Impagliazzo, R.: Using the Groebner basis algorithm to find proofs of unsatisfiability. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, pp. 174–183 (1996)

  24. Courtois, N., Pieprzyk, J.: Cryptanalysis of block ciphers with overdefined systems of equations. In: Asiacrypt 2002, Lecture Notes in Computer Science, vol. 2501, pp. 267–287. Springer, New York (2002)

  25. Condrat, C., Kalla, P.: A Gröbner basis approach to CNF-formulae preprocessing. In: Tools and Algorithms for the Construction and Analysis of Systems, Lecture Notes in Computer Science, vol. 4424, pp. 618–631. Springer, New York (2007)

  26. Dubois, V., Founque, P.-A., Shamir, A., Stern, J.: Practical cryptanalysis of SFLASH. In: Advances in Cryptology—CRYPTO 2007

  27. Faugére J.-C.: A new efficient algorithm for computing Groöbner bases (F4). J. Pure Appl. Algebra 139, 61–88 (1999)

    Article  MathSciNet  MATH  Google Scholar 

  28. Faugére J.-C., Gianni P., Lazard D., Mora T.: Efficient computation of zero-dimensional Gröbner bases by change of ordering. J. Symb. Comput. 16(4), 329–344 (1993)

    Article  MATH  Google Scholar 

  29. Faugére, J.-C., Joux, A.: Algebraic cryptanalysis of hidden field equation (HFE) cryptosystem using Gröbner bases. In: Boneh, D. (ed.) Advances in Cryptology—EUROCRYPTO 2003, Lecture Notes in Computer Science, vol. 2729, pp. 44–60 (2003)

  30. Faugére, J.-C., Perret, L.: On the security of UOV. In: Proceedings of the First International Conference on Symbolic Computation and Cryptography, Beijing, China, pp. 103–109 (2008)

  31. Greuel, G.-M., Pfister, G.: A SINGULAR Introduction to Commutative Algebra. Springer, New York (2008)

  32. Greuel, G.-M., Pfister, G., Schönemann, H.: Singular 3.0. A Computer Algebra System for Polynomial Computations. Centre for Computer Algebra, University of Kaiserslautern. http://www.singular.uni-kl.de (2005)

  33. Lim, C.-W., Khoo, K.: An analysis of XSL applied to BES. In: FSE 2007, Lecture Notes in Computer Science, vol. 4593, pp. 242–253. Springer, New York (2007)

  34. Miolane, C.V., Knudsen, L.R.: Block cipher analysis. Academic dissertation, in series: (ISBN), p. 176, 200902

  35. Murphy, S., Robshaw, M.: Essential algebraic structure within the AES. In: Yung, M. (ed.) Advances in Cryptology—CRYPTO 2002, Lecture Notes in Computer Science, vol. 2442, pp. 1–16. Springer, Berlin (2002)

  36. National Institute of Standards and Technology. Advanced Encryption Standard. FIPS 197, 26 November (2001)

    Google Scholar 

  37. Raddum, H.: MRHS equation systems. In: Lecture Notes in Computer Science, vol. 4876, pp. 232–245 (2007)

  38. Toli, I., Zanoni, A.: An algebraic interpretation of AES-128. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) Advanced Encryption Standard AES: 4th International Conference, AES 2004, Revised Selected and Invited Papers. Lecture Notes in Computer Science, vol. 3373, pp. 84–97 (2004). doi:10.1007/11506447_8

Download references

Author information

Authors and Affiliations

  1. Center for Advanced Security Research Darmstadt (CASED), Mornewegstrasse 32, 64293, Darmstadt, Germany

    Stanislav Bulygin

  2. Mathematisches Forschungsinstitut Oberwolfach, Schwarzwaldstr. 9-11, 77709, Oberwolfach-Walke, Germany

    Michael Brickenstein

Authors
  1. Stanislav Bulygin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Michael Brickenstein
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Stanislav Bulygin.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Bulygin, S., Brickenstein, M. Obtaining and Solving Systems of Equations in Key Variables Only for the Small Variants of AES. Math.Comput.Sci. 3, 185–200 (2010). https://doi.org/10.1007/s11786-009-0020-y

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11786-009-0020-y

Keywords

Mathematics Subject Classification (2000)

Search

Navigation