
Counting equations in algebraic attacks on block ciphers

  • Regular Contribution
  • International Journal of Information Security

Abstract

This paper is about counting linearly independent equations for so-called algebraic attacks on block ciphers. The basic idea behind many of these approaches, e.g., XL, is to generate a large set of equations from an initial set by multiplying the existing equations by the variables of the system. One of the most difficult tasks is to determine the exact number of linearly independent equations one obtains in such attacks. In this paper, it is shown that by splitting the equations defined over a block cipher (an SP-network) into two sets, one can determine the exact number of linearly independent equations of a given degree that can be generated in algebraic attacks within each of these sets. While this does not give a direct formula for the success of algebraic attacks on block ciphers, it gives some interesting bounds on the number of equations one can obtain from a given block cipher. Our results are applied to the AES and to a variant of the AES, and the exact numbers of linearly independent equations in the two sets that one can generate by multiplication of an initial set of equations are given. Our results also indicate, in a novel way, that the AES is not vulnerable to the algebraic attacks as defined here.
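To make the counting question concrete, here is an added Python example (not code from the paper or its authors) that performs one XL-style extension step on a constructed toy system of two quadratic equations in three variables over GF(2), multiplies each equation by every monomial that keeps the degree at or below a target, and then computes the rank of the resulting Macaulay matrix over GF(2). The toy equations, the boolean-ring representation (monomials as sets of variable indices, which enforces the field equations x_i^2 = x_i) and the function names are all assumptions made for this illustration; the point it shows is that the number of generated equations exceeds the number of linearly independent ones.

```python
"""Added example: counting linearly independent equations after an XL-style
extension step over GF(2).

Toy system (constructed for this example, not taken from the paper):
    f1 = x0*x1 + x2
    f2 = x1*x2 + x0 + 1
A polynomial is a frozenset of monomials (their XOR-sum); a monomial is a
frozenset of variable indices, so x_i * x_i collapses to x_i automatically,
i.e. we work in the boolean ring GF(2)[x]/(x_i^2 + x_i).
"""
from itertools import combinations


def poly(*monomials):
    """Build a polynomial from monomials given as tuples of variable indices.
    The empty tuple () denotes the constant monomial 1."""
    return frozenset(frozenset(m) for m in monomials)


def mul(p, q):
    """Multiply two boolean polynomials: distribute, then cancel duplicate
    monomials modulo 2 (symmetric difference on the monomial set)."""
    acc = set()
    for a in p:
        for b in q:
            acc ^= {a | b}  # a|b merges variables, so x_i^2 = x_i
    return frozenset(acc)


def degree(p):
    """Total degree of a boolean polynomial (0 for the zero polynomial)."""
    return max((len(m) for m in p), default=0)


def monomials_up_to(n_vars, d):
    """All square-free monomials in n_vars variables of degree <= d,
    ordered by degree; this ordering also fixes the matrix columns."""
    return [frozenset(c) for k in range(d + 1)
            for c in combinations(range(n_vars), k)]


def xl_extend(system, n_vars, target_degree):
    """One XL step: multiply every equation f by every monomial m with
    deg(m) <= target_degree - deg(f), including m = 1 (the original f)."""
    out = []
    for f in system:
        for m in monomials_up_to(n_vars, target_degree - degree(f)):
            out.append(mul(f, frozenset([m])))
    return out


def gf2_rank(equations, columns):
    """Rank over GF(2) of the Macaulay matrix whose rows are the equations
    and whose columns are the given monomials (rows held as bitmasks)."""
    index = {m: i for i, m in enumerate(columns)}
    rows = [sum(1 << index[m] for m in eq) for eq in equations]
    rank = 0
    for bit in range(len(columns)):
        pivot = next((r for r in rows if r >> bit & 1), None)
        if pivot is None:
            continue
        rows.remove(pivot)
        rows = [r ^ pivot if r >> bit & 1 else r for r in rows]
        rank += 1
    return rank


def count_independent(system, n_vars, target_degree):
    """Return (generated, linearly independent, number of monomials) for the
    XL extension of `system` up to `target_degree`."""
    extended = xl_extend(system, n_vars, target_degree)
    columns = monomials_up_to(n_vars, target_degree)
    return len(extended), gf2_rank(extended, columns), len(columns)


# Constructed toy system in variables x0, x1, x2.
TOY_SYSTEM = [
    poly((0, 1), (2,)),        # x0*x1 + x2
    poly((1, 2), (0,), ()),    # x1*x2 + x0 + 1
]

if __name__ == "__main__":
    for d in (2, 3):
        gen, ind, cols = count_independent(TOY_SYSTEM, 3, d)
        print(f"degree {d}: generated {gen} equations, "
              f"{ind} linearly independent, {cols} monomials")
```

At target degree 3 the step generates 8 equations (each of the two originals times 1, x0, x1, x2) over 8 monomials, but only 7 of them are linearly independent: x2*f1 equals x0*f1 + x1*f1 + x0*f2 + x2*f2 in the boolean ring. Counting the generated equations therefore overestimates what the attack actually gains, which is exactly the gap the paper's counting results address for SP-networks.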



Author information

Corresponding author

Correspondence to Lars R. Knudsen.

Cite this article

Knudsen, L.R., Miolane, C.V. Counting equations in algebraic attacks on block ciphers. Int. J. Inf. Secur. 9, 127–135 (2010). https://doi.org/10.1007/s10207-009-0099-9
