International Workshop on Fast Software Encryption

FSE 2007: Fast Software Encryption pp 242-253

An Analysis of XSL Applied to BES

  • Chu-Wee Lim
  • Khoongming Khoo
Conference paper

DOI: 10.1007/978-3-540-74619-5_16

Volume 4593 of the book series Lecture Notes in Computer Science (LNCS)

Abstract

Currently, the only plausible attack on the Advanced Encryption System (AES) is the XSL attack over F256 through the Big Encryption System (BES) embedding. In this paper, we give an analysis of the XSL attack when applied to BES and conclude that the complexity estimate is too optimistic. For example, the complexity of XSL on BES-128 should be at least 2401 instead of the value of 287 from current literature. Our analysis applies to the eprint version of the XSL attack, which is different from the compact XSL attack studied by Cid and Leurent at Asiacrypt 2005. Moreover, we study the attack on the BES embedding of AES, while Cid and Leurent studies the attack on AES itself. Thus our analysis can be considered as a parallel work, which together with Cid and Leurent’s study, disproves the effectiveness of both versions of the XSL attack against AES.

Keywords

XSL algorithmAESBESlinearisation
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Chu-Wee Lim
    • 1
  • Khoongming Khoo
    • 1
  1. 1.DSO National Laboratories, 20 Science Park Drive, S118230Singapore