Theoretical Analysis of XL over Small Fields

  • Bo-Yin Yang
  • Jiun-Ming Chen
Conference paper

DOI: 10.1007/978-3-540-27800-9_24

Part of the Lecture Notes in Computer Science book series (LNCS, volume 3108)
Cite this paper as:
Yang BY., Chen JM. (2004) Theoretical Analysis of XL over Small Fields. In: Wang H., Pieprzyk J., Varadharajan V. (eds) Information Security and Privacy. ACISP 2004. Lecture Notes in Computer Science, vol 3108. Springer, Berlin, Heidelberg

Abstract

XL was first introduced to solve determined or overdetermined systems of equations over a finite field as an “algebraic attack” against multivariate cryptosystems. There has been a steady stream of announcements of cryptanalysis of primitives by such attacks, including stream ciphers (e.g. Toyocrypt), PKCs, and, more controversially, block ciphers (AES/Rijndael and Serpent).

Prior discussions of XL are usually heavy in simulations, which are of course valuable, but we would like more attention to theory, because theory and simulations must validate each other, and there are some nuances not easily discerned from simulations. More effort has been made in this direction recently, but much of it was restricted to a large base field of size q, which is usually equal to 2^k. By conducting an analysis of XL variants in general, we try to derive rigorous “termination conditions”, minimal degree requirements for reliable, successful operation of XL and its relatives, and hence better security estimates. Our work is applicable to small q, in particular the significant q=2 case.

Armed with this analysis, we reexamine previously announced results. We conclude that XL and variants represent a theoretical advance that is especially significant over small fields (in particular over GF(2)). However, its applicability and efficacy are occasionally overestimated slightly. We discuss possible future research directions. Much remains to be done.
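As an added illustration (not code from the paper or its authors): a minimal XL over GF(2) in Python. Each equation is multiplied by every monomial of degree at most D-2, every monomial is treated as a fresh unknown, the linearized system is row-reduced, and D is raised until one round fixes every variable; the smallest D that succeeds is the kind of "minimal degree requirement" the abstract refers to. The 3-variable quadratic system is constructed for this example, and all monomial arithmetic is reduced modulo the field equations x_i^2 = x_i.

```python
from itertools import combinations

# A polynomial over GF(2) modulo the field equations x_i^2 = x_i is a set of
# monomials; a monomial is a frozenset of variable indices (empty = constant 1).
def mul_mono(poly, mono):
    out = set()
    for term in poly:
        out ^= {term | mono}   # x_i*x_i = x_i; equal products cancel (char 2)
    return out
def monomials(n, max_deg):
    return [frozenset(c) for d in range(max_deg + 1)
            for c in combinations(range(n), d)]
def xl_step(system, n, D):
    """One XL round at degree D: multiply each equation by every monomial of
    degree <= D-2, treat each monomial as an unknown, row-reduce over GF(2),
    and return the variables that come out fixed to a constant."""
    rows = [p for eq in system for m in monomials(n, D - 2)
            if (p := mul_mono(eq, m))]
    cols = sorted(set().union(*rows), key=lambda m: (-len(m), sorted(m)))
    idx = {m: i for i, m in enumerate(cols)}           # high degree first
    mat = [sum(1 << idx[m] for m in r) for r in rows]  # rows as bitmasks
    rank = 0
    for c in range(len(cols)):                          # Gauss-Jordan, GF(2)
        bit = 1 << c
        piv = next((i for i in range(rank, len(mat)) if mat[i] & bit), None)
        if piv is None:
            continue
        mat[rank], mat[piv] = mat[piv], mat[rank]
        mat = [r ^ mat[rank] if (r & bit and i != rank) else r
               for i, r in enumerate(mat)]
        rank += 1
    fixed = {}
    for r in mat[:rank]:
        terms = [cols[i] for i in range(len(cols)) if r >> i & 1]
        lin = [t for t in terms if len(t) == 1]
        if len(lin) == 1 and all(len(t) <= 1 for t in terms):  # x_i + a = 0
            fixed[next(iter(lin[0]))] = int(frozenset() in terms)
    return fixed
def xl_solve(system, n):
    """Raise D until one XL round fixes every variable; return (D, solution)."""
    for D in range(2, n + 3):   # D-2 >= n means every monomial is used
        fixed = xl_step(system, n, D)
        if len(fixed) == n:
            return D, fixed
def evaluate(poly, sol):        # value of poly at an assignment, in GF(2)
    return sum(all(sol[v] for v in t) for t in poly) % 2
# Constructed system with unique solution (x0, x1, x2) = (1, 0, 1):
# (x0+1)(x1+1) = 0,  x2(x1+1) + 1 = 0,  x0*x2 + x1 + 1 = 0
X = lambda *v: frozenset(v)
SYSTEM = [{X(0, 1), X(0), X(1), X()}, {X(1, 2), X(2), X()}, {X(0, 2), X(1), X()}]
```

Plain linearization (D=2) fixes nothing here because three equations meet seven monomials, while D=3 already yields the full assignment; the step from D to D+1 multiplies the column count, which is why the degree bound drives the cost estimate.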

Keywords

XL; finite field; multivariate cryptography; system of quadratic equations; algebraic attack

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Bo-Yin Yang (1)
  • Jiun-Ming Chen (2)
  1. Department of Mathematics, Tamkang University, Tamsui, Taiwan
  2. Chinese Data Security Inc. & National Taiwan U, Taipei