## Essential algebraic structure within the AES (2002)

### Cached

### Download Links

- [www.iacr.org]
- [www.iacr.org]
- [www.cosic.esat.kuleuven.ac.be]
- [www.cosic.esat.kuleuven.be]
- [www.isg.rhul.ac.uk]
- [www.isg.rhul.ac.uk]
- DBLP

### Other Repositories/Bibliography

Citations: | 70 - 7 self |

### BibTeX

@INPROCEEDINGS{Murphy02essentialalgebraic,

author = {Sean Murphy and Matthew J. B. Robshaw},

title = {Essential algebraic structure within the AES},

booktitle = {},

year = {2002},

pages = {1--16},

publisher = {Springer-Verlag}

}

### Years of Citing Articles

### OpenURL

### Abstract

Abstract. One difficulty in the cryptanalysis of the Advanced Encryption Standard AES is the tension between operations in the two fields GF (2 8) and GF (2). This paper outlines a new approach that avoids this conflict. We define a new block cipher, the BES, that uses only simple algebraic operations in GF (2 8). Yet the AES can be regarded as being identical to the BES with a restricted message space and key space, thus enabling the AES to be realised solely using simple algebraic operations in one field GF (2 8). This permits the exploration of the AES within a broad and rich setting. One consequence is that AES encryption can be described by an extremely sparse overdetermined multivariate quadratic system over GF (2 8), whose solution would recover an AES key.

### Citations

432 |
Linear cryptanalysis method for DES cipher
- Matsui
- 1993
(Show Context)
Citation Context ...oduction Rijndael [7, 8] was chosen as the Advanced Encryption Standard (AES) and published as FIPS 197 [21] on 26 November 2001. The AES is carefully designed to resist standard block cipher attacks =-=[1, 18]-=-. Here we move our attention to a cipher that is an extension of AES, but which offers one particular advantage. All of the operations in this new cipher, the BES, are entirely described using very si... |

410 |
Introduction to Finite Fields and Their Applications
- Lidl, Niederreiter
- 1986
(Show Context)
Citation Context ...e exists a polynomial with co-efficients in F which interpolates f : F ! F. This polynomial may be regarded as an equivalent definition of f . Further, since f is an additive or linearized polynomial =-=[16]-=- on F, it is necessarily described by a linear combination of conjugates. Thus we obtain f(a) = 7 X k=0sk a 2 k for a 2 F, where ( 0 ;s1 ;s2 ;s3 ;s4 ;s5 ;s6 ;s7 ) = (05; 09; f9; 25; f4; 01; b5; 8f): T... |

334 |
A.: Differential Cryptanalysis of the Data Encryption Standard
- Biham, Shamir
(Show Context)
Citation Context ...oduction Rijndael [7, 8] was chosen as the Advanced Encryption Standard (AES) and published as FIPS 197 [21] on 26 November 2001. The AES is carefully designed to resist standard block cipher attacks =-=[1, 18]-=-. Here we move our attention to a cipher that is an extension of AES, but which offers one particular advantage. All of the operations in this new cipher, the BES, are entirely described using very si... |

195 | Cryptanalysis of Block Ciphers with Overdefined Systems of Equations
- Courtois, Pieprzyk
- 2002
(Show Context)
Citation Context ...ystems of equations lies at the heart of several public key cryptosystems [3, 22], and there has been some progress in providing solutions to such problems [4, 5, 14]. Recently, Courtois and Pieprzyk =-=[6]-=- have suggested the use of a system of multivariate quadratic equations over GF (2) to analyse the AES. However, such a GF (2)-system derived directly from the AES is far more complicated than the F-s... |

134 | Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations
- Courtois, Klimov, et al.
(Show Context)
Citation Context ...such a system. The problem of solving such systems of equations lies at the heart of several public key cryptosystems [3, 22], and there has been some progress in providing solutions to such problems =-=[4, 5, 14]-=-. Recently, Courtois and Pieprzyk [6] have suggested the use of a system of multivariate quadratic equations over GF (2) to analyse the AES. However, such a GF (2)-system derived directly from the AES... |

123 | Hidden fields equations (HFE) and isomorphisms of polynomials (ip): Two new families of asymmetric algorithms
- Patarin
- 1996
(Show Context)
Citation Context ...ivariate quadratic equations by expressing a BES (and hence an AES) encryption as such a system. The problem of solving such systems of equations lies at the heart of several public key cryptosystems =-=[3, 22]-=-, and there has been some progress in providing solutions to such problems [4, 5, 14]. Recently, Courtois and Pieprzyk [6] have suggested the use of a system of multivariate quadratic equations over G... |

91 | Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization
- Kipnis, Shamir
- 1999
(Show Context)
Citation Context ...such a system. The problem of solving such systems of equations lies at the heart of several public key cryptosystems [3, 22], and there has been some progress in providing solutions to such problems =-=[4, 5, 14]-=-. Recently, Courtois and Pieprzyk [6] have suggested the use of a system of multivariate quadratic equations over GF (2) to analyse the AES. However, such a GF (2)-system derived directly from the AES... |

71 |
The Design of Rijndael: AESâ€“The Advanced Encryption Standard
- Daemen, Jijmen
- 2002
(Show Context)
Citation Context ...r an AES key. Keywords: Advanced Encryption Standard, AES, Rijndael, BES, Algebraic Structure, (Finite) Galois Field, (Field) Conjugate, Multivariate Quadratic (MQ) Equations. 1 Introduction Rijndael =-=[7, 8]-=- was chosen as the Advanced Encryption Standard (AES) and published as FIPS 197 [21] on 26 November 2001. The AES is carefully designed to resist standard block cipher attacks [1, 18]. Here we move ou... |

62 | Correlation Attacks on Block Ciphers
- Jakobsen
- 1996
(Show Context)
Citation Context ... this type of multivariate quadratic system would give a cryptanalysis of the AES with potentially very few plaintext-ciphertext pairs. While there is some connection to work on interpolation attacks =-=[13]-=-, techniques such as relinearisation [14] or the extended linearisation or XL algorithm [5] have been specifically developed for the solution of such systems. A simple overview of these techniques is ... |

53 | Improved cryptanalysis of Rijndael
- Ferguson, Kelsey, et al.
- 1978
(Show Context)
Citation Context ...ight offer significant improvements to the cryptanalysis of the AES. 2 Previous Work and Notation Throughout the AES process, Rijndael (the eventual AES) received considerable cryptanalytic attention =-=[10, 12, 17]-=-. The simplicity of Rijndael was emphasized by its designers [7, 8], and much work has concentrated on the structural properties of the cipher [9, 11, 15, 19, 20, 23, 24]. In this paper we introduce a... |

31 | Attacking seven rounds of rijndael under 192-bit and 256-bit keys
- Lucks
- 2000
(Show Context)
Citation Context ...ight offer significant improvements to the cryptanalysis of the AES. 2 Previous Work and Notation Throughout the AES process, Rijndael (the eventual AES) received considerable cryptanalytic attention =-=[10, 12, 17]-=-. The simplicity of Rijndael was emphasized by its designers [7, 8], and much work has concentrated on the structural properties of the cipher [9, 11, 15, 19, 20, 23, 24]. In this paper we introduce a... |

27 | A Simple Algebraic Representation of Rijndael
- Ferguson, Schroeppel, et al.
- 2001
(Show Context)
Citation Context ...eceived considerable cryptanalytic attention [10, 12, 17]. The simplicity of Rijndael was emphasized by its designers [7, 8], and much work has concentrated on the structural properties of the cipher =-=[9, 11, 15, 19, 20, 23, 24]-=-. In this paper we introduce a new technique which further simplifies analysis of the AES. While the AES encryption process is typically described using operations on an array of bytes, we represent t... |

18 |
Quartz, 128-bit long digital signature
- Courtois, Goubin, et al.
(Show Context)
Citation Context ...ivariate quadratic equations by expressing a BES (and hence an AES) encryption as such a system. The problem of solving such systems of equations lies at the heart of several public key cryptosystems =-=[3, 22]-=-, and there has been some progress in providing solutions to such problems [4, 5, 14]. Recently, Courtois and Pieprzyk [6] have suggested the use of a system of multivariate quadratic equations over G... |

13 |
A collision attack on seven rounds of Rijndael
- Gilbert, Minier
- 2000
(Show Context)
Citation Context ...ight offer significant improvements to the cryptanalysis of the AES. 2 Previous Work and Notation Throughout the AES process, Rijndael (the eventual AES) received considerable cryptanalytic attention =-=[10, 12, 17]-=-. The simplicity of Rijndael was emphasized by its designers [7, 8], and much work has concentrated on the structural properties of the cipher [9, 11, 15, 19, 20, 23, 24]. In this paper we introduce a... |

13 | The round functions of Rijndael generate the alternating group, Fast Software Encryption 2002
- Wernsdorf
- 2002
(Show Context)
Citation Context ...eceived considerable cryptanalytic attention [10, 12, 17]. The simplicity of Rijndael was emphasized by its designers [7, 8], and much work has concentrated on the structural properties of the cipher =-=[9, 11, 15, 19, 20, 23, 24]-=-. In this paper we introduce a new technique which further simplifies analysis of the AES. While the AES encryption process is typically described using operations on an array of bytes, we represent t... |

12 | Solving underdefined systems of multivariate quadratic equations
- Courtois, Goubin, et al.
- 2002
(Show Context)
Citation Context ...such a system. The problem of solving such systems of equations lies at the heart of several public key cryptosystems [3, 22], and there has been some progress in providing solutions to such problems =-=[4, 5, 14]-=-. Recently, Courtois and Pieprzyk [6] have suggested the use of a system of multivariate quadratic equations over GF (2) to analyse the AES. However, such a GF (2)-system derived directly from the AES... |

4 | Further Comments on the Structure of Rijndael
- Murphy, Robshaw
- 2000
(Show Context)
Citation Context ...eceived considerable cryptanalytic attention [10, 12, 17]. The simplicity of Rijndael was emphasized by its designers [7, 8], and much work has concentrated on the structural properties of the cipher =-=[9, 11, 15, 19, 20, 23, 24]-=-. In this paper we introduce a new technique which further simplifies analysis of the AES. While the AES encryption process is typically described using operations on an array of bytes, we represent t... |

4 | Rijmen, Answers to new observations on Rijndael - Daemen, Vincent - 2000 |

2 |
Recommendation to NIST for the AES
- Knudsen, Raddum
- 2000
(Show Context)
Citation Context |

2 |
Second round comments to NIST
- Schroeppel
- 2000
(Show Context)
Citation Context |

1 | Answers to "New Observations on Rijndael - Daemen, Rijmen - 2000 |