Advances in Cryptology — CRYPTO 2002

Volume 2442 of the series Lecture Notes in Computer Science pp 1-16


Essential Algebraic Structure within the AES

  • Sean MurphyAffiliated withInformation Security Group, University of London
  • , Matthew J.B. RobshawAffiliated withInformation Security Group, University of London


One difficulty in the cryptanalysis of the Advanced Encryption Standard AES is the tension between operations in the two fields GF(28) and GF(2). This paper outlines a new approach that avoids this conflict. We define a new block cipher, the BES, that uses only simple algebraic operations in GF(28). Yet the AES can be regarded as being identical to the BES with a restricted message space and key space, thus enabling the AES to be realised solely using simple algebraic operations in one field GF(28). This permits the exploration of the AES within a broad and rich setting. One consequence is that AES encryption can be described by an extremely sparse overdetermined multivariate quadratic system over GF(28), whose solution would recover an AES key.


Advanced Encryption Standard AES Rijndael BES Algebraic Structure (Finite) Galois Field (Field) Conjugate Multivariate Quadratic (MQ) Equations