An Algebraic Interpretation of \(\mathcal{AES}\)128

  • Ilia Toli
  • Alberto Zanoni
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3373)


We analyze an algebraic representation of \(\mathcal{AES}\) 128 as an embedding in \(\mathcal{BES}\), due to Murphy and Robshaw. We present two systems of equations S  ⋆  and K  ⋆  concerning encryption and key generation processes. After some simple but rather cumbersome substitutions, we should obtain two new systems \({\mathcal{C}}_{1}\) and \({\mathcal{C}}_{2}\). \({\mathcal{C}}_{1}\) has 16 very dense equations of degree up to 255 in each of its 16 variables. With a single pair (p,c), with p a cleartext and c its encryption, its roots give all possible keys that should encrypt p to c. \({\mathcal{C}}_{2}\) may be defined using 11 or more pairs (p,c), and has 16 times as many equations in 176 variables. K  ⋆  and most of S  ⋆  is invariant for all key choices.


Block Cipher Advance Encryption Standard Hilbert Series Block Diagonal Matrix Linear Cryptanalysis 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Cox, D.A., Little, J., O’Shea, D.: Ideals, Varieties, and Algorithms, An Introduction to Computational Algebraic Geometry and Commutative Algebra. Springer, New York (1992)zbMATHGoogle Scholar
  2. 2.
    Courtois, N., Pieprzyk, J.: Cryptanalysis of block ciphers with overdefined systems of equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  3. 3.
    Daemen, J., Rijmen, V.: AES proposal: Rijndael (Version 2). NIST AES (1999). Website,
  4. 4.
    Daemen, J., Rijmen, V.: The design of Rijndael: AES - The Advanced Encryption Standard. Springer, Heidelberg (2002)zbMATHGoogle Scholar
  5. 5.
    National Institute of Standards and Technology. Advanced Encryption Standard. In: FIPS, November 26, vol. 197 (2001)Google Scholar
  6. 6.
    Ferguson, N., Schroeppel, R., Whiting, D.: A simple algebraic representation of Rijndael. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 103–111. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Grayson, D.R., Stillman, M.E.: Macaulay 2, a software system for research in algebraic geome= try, Available at,
  8. 8.
    Greuel, G.-M., Pfister, G., Schönemann, H.: Singular 2-0-3. A Computer Algebra System for= Polynomial Computations. Center for Computer Algebra, University of Kaiserslautern (2003),
  9. 9.
    Murphy, S., Robshaw, M.J.B.: Essential Algebraic Structure within the AES. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 1–16. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Oswald, E., Daemen, J., Rijmen, V.: The State of the Art of Rijndael’s Security. Technical report, (available at),
  11. 11.
    Stinson, D.R.: CRYPTOGRAPHY, Theory and Practice, 2nd edn. Chapman & Hall/CRC, Boca Raton (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Ilia Toli
    • 1
  • Alberto Zanoni
    • 1
  1. 1.Dipartimento di Matematica Leonida TonelliUniversità di PisaPisaItaly

Personalised recommendations