Designing against a class of algebraic attacks on symmetric block ciphers

Published in Applicable Algebra in Engineering, Communication and Computing

Abstract

Recently, Courtois and Pieprzyk proposed a class of algebraic attacks on symmetric block ciphers that takes advantage of a previously unexploited property of the substitution boxes, or s-boxes, in the round function. This paper gives a brief overview of this "overdefined system of equations" (OSE) attack and shows how the attack may be avoided through the use of round functions constructed according to the CAST design procedure. Such round functions contain a variety of protection mechanisms, including s-boxes of large dimension, a circular key-dependent rotation step, and combinations of operators from different algebraic groups.
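The s-box property the OSE attack exploits is that the input and output bits of an s-box satisfy many linearly independent equations of degree at most two; the more such equations, the more "overdefined" the system describing the cipher becomes. The following added example (not code from the paper) measures that quantity for a given s-box by evaluating every monomial of degree at most two over all inputs and computing the rank over GF(2); the 4-bit s-box used as input is a constructed sample, and the function names are this example's own.

```python
from itertools import combinations

# Constructed sample: an arbitrary 4-bit permutation (not from the paper).
SAMPLE_SBOX = [0x6, 0x4, 0xC, 0x5, 0x0, 0x7, 0x2, 0xE,
               0x1, 0xF, 0x3, 0xD, 0x8, 0xA, 0x9, 0xB]


def gf2_rank(rows):
    """Rank over GF(2) of a list of row bitmasks, by Gaussian elimination."""
    rows = list(rows)
    rank = 0
    width = max((r.bit_length() for r in rows), default=0)
    for bit in range(width):
        pivot = next((i for i in range(rank, len(rows)) if (rows[i] >> bit) & 1), None)
        if pivot is None:
            continue
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        for i in range(len(rows)):
            if i != rank and (rows[i] >> bit) & 1:
                rows[i] ^= rows[rank]
        rank += 1
    return rank


def count_quadratic_equations(sbox, n_in, n_out):
    """Return (num_monomials, rank, num_equations) for the monomials of degree <= 2
    in the n_in input bits and n_out output bits of sbox.

    Each monomial becomes a row whose bit x is the monomial's value at input x.
    The number of independent equations satisfied by the s-box is the number of
    monomials minus the GF(2) rank of that evaluation matrix."""
    variables = list(range(n_in + n_out))
    monomials = [()] + [(v,) for v in variables] + list(combinations(variables, 2))
    rows = []
    for mono in monomials:
        mask = 0
        for x in range(1 << n_in):
            bits = [(x >> i) & 1 for i in range(n_in)] + \
                   [(sbox[x] >> j) & 1 for j in range(n_out)]
            if all(bits[v] for v in mono):
                mask |= 1 << x
        rows.append(mask)
    rank = gf2_rank(rows)
    return len(monomials), rank, len(monomials) - rank


if __name__ == "__main__":
    m, r, e = count_quadratic_equations(SAMPLE_SBOX, 4, 4)
    print(f"{m} monomials, rank {r}: the s-box satisfies {e} quadratic equations")
```

For an n-bit-to-m-bit s-box the count is always at least the number of monomials minus 2^n, so the script makes visible how the input/output dimensions of an s-box bound this attack-relevant quantity.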


References

  1. Adams, C.: Constructing Symmetric Ciphers Using the CAST Design Procedure. Designs, Codes and Cryptography 12(3), 71–104 (1997)

  2. Adams, C.: The CAST-128 Encryption Algorithm. Internet Request for Comments RFC 2144 (1997)

  3. Adams, C., Gilchrist, J.: The CAST-256 Encryption Algorithm. Internet Request for Comments RFC 2612 (1999)

  4. Anderson, R., Biham, E., Knudsen, L.: Serpent: A Proposal for the Advanced Encryption Standard. Available from http://www.cl.cam.ac.uk/~rja14/serpent.html

  5. Coppersmith, D.: Impact of Courtois and Pieprzyk Results. NIST AES Discussion Forum, September 19, 2002. Available from http://www.nist.gov/aes (or see http://www.makeashorterlink.com/?K27C515E1)

  6. Courtois, N.: General Principles of Algebraic Attacks and New Design Criteria for Cipher Components. Invited talk, Fourth Conference on the Advanced Encryption Standard (AES). See http://www.aes4.org/english/events/aes4/downloads/algatt_bonn_6.pdf

  7. Courtois, N., Pieprzyk, J.: Cryptanalysis of Block Ciphers with Overdefined Systems of Equations (2002). Available from http://eprint.iacr.org/2002/044/ (see also Proceedings of AsiaCrypt 2002, LNCS 2501, Springer, pp. 267–287, and further discussion at http://www.cryptosystem.net/aes/)

  8. Daemen, J., Rijmen, V.: AES Proposal: Rijndael. Available from http://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf

  9. Lee, D.H., Kim, J., Hong, J., Han, J.W., Moon, D.: Algebraic Attacks on Summation Generators. Proceedings of Fast Software Encryption 2004 (to appear)

  10. Moh, T.: On the Courtois-Pieprzyk's Attack on Rijndael. September 18, 2002. Available from http://www.usdsi.com/aes.html

  11. Murphy, S., Robshaw, M.: Comments on the Security of the AES and the XSL Technique. September 26, 2002. Available from http://www.cosic.esat.kuleuven.ac.be/nessie/reports/phase2/Xslbes8_Ness.pdf

  12. Row Reduced Echelon Form for solving a system of linear equations. See, for example, Module for Row Reduced Echelon Form, available from http://mathews.ecs.fullerton.edu/n2003/EchelonFormMod.html

  13. Shamir, A., Patarin, J., Courtois, N., Klimov, A.: Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations. Advances in Cryptology: Proceedings of Eurocrypt 2000, LNCS 1807, Springer, pp. 392–407 (2000)

  14. Shannon, C.: Communication Theory of Secrecy Systems. Bell System Technical Journal 28, 656–715 (1949)

  15. Webster, A., Tavares, S.: On the Design of S-Boxes. Advances in Cryptology: Proceedings of CRYPTO '85, Springer-Verlag, pp. 523–534 (1986)


Correspondence to Carlisle Adams.


Cite this article

Adams, C. Designing against a class of algebraic attacks on symmetric block ciphers. AAECC 17, 17–27 (2006). https://doi.org/10.1007/s00200-006-0194-3
