Essential Algebraic Structure within the AES
One difficulty in the cryptanalysis of the Advanced Encryption Standard AES is the tension between operations in the two fields GF(28) and GF(2). This paper outlines a new approach that avoids this conflict. We define a new block cipher, the BES, that uses only simple algebraic operations in GF(28). Yet the AES can be regarded as being identical to the BES with a restricted message space and key space, thus enabling the AES to be realised solely using simple algebraic operations in one field GF(28). This permits the exploration of the AES within a broad and rich setting. One consequence is that AES encryption can be described by an extremely sparse overdetermined multivariate quadratic system over GF(28), whose solution would recover an AES key.
KeywordsAdvanced Encryption Standard AES Rijndael BES Algebraic Structure (Finite) Galois Field (Field) Conjugate Multivariate Quadratic (MQ) Equations
- 2.D. Coppersmith. Personal communication, 30 April 2002.Google Scholar
- 3.N. Courtois, L. Goubin, and J. Patarin. Quartz, 128-bit long digital signatures. In D. Naccache, editor, Proceedings of Cryptographers’ Track RSA Conference 2001, LNCS 2020, pages 282–297, Springer-Verlag, 2001.Google Scholar
- 4.N. Courtois, L. Goubin, W. Meier, and J. Tacier. Solving underdefined systems of multivariate quadratic equations. In D. Paillier, editor, Proceedings of Public Key Cryptography 2002, LNCS 2274, pages 211–227, Springer-Verlag, 2002.Google Scholar
- 5.N. Courtois, A. Klimov, J. Patarin, and A. Shamir. Efficient algorithms for solving overdefined systems of multivariate polynomial equations. In B. Preneel, editor, Proceedings of Eurocrypt 2000, LNCS 1807, pages 392–407, Springer-Verlag, 2000.Google Scholar
- 6.N. Courtois and J. Pieprzyk. Cryptanalysis of block ciphers with overdefined systems of equations. IACR eprint server http://www.iacr.org, April 2002.
- 7.J. Daemen and V. Rijmen. AES Proposal: Rijndael (Version 2). NIST AES website http://www.csrc.nist.gov/encryption/aes, 1999.
- 8.J. Daemen and V. Rijmen. The Design of Rijndael: AES-The Advanced Encryption Standard. Springer-Verlag, 2002.Google Scholar
- 9.J. Daemen and V. Rijmen. Answers to “New Observations on Rijndael”. NIST AES website http://www.csrc.nist.gov/encryption/aes, August 2000.
- 10.N. Ferguson, J. Kelsey, B. Schneier, M. Stay, D. Wagner, and D. Whiting. Improved cryptanalysis of Rijndael. In B. Schneier, editor, Proceedings of Fast Software Encryption 2000, LNCS, pages 213–230, Springer-Verlag, 2000.Google Scholar
- 11.N. Ferguson, R. Shroeppel, and D. Whiting. A simple algebraic representation of Rijndael. In S. Vaudenay and A. Youssef, editors, Proceedings of Selected Areas in Cryptography, LNCS, pages 103–111, Springer-Verlag, 2001.Google Scholar
- 12.H. Gilbert and M. Minier. A collision attack on seven rounds of Rijndael. Third AES Conference, NIST AES website http://www.csrc.nist.gov/encryption/aes, April 2000.
- 13.T. Jakobsen and L.R. Knudsen. The interpolation attack on block ciphers. In E. Biham, editor, Proceedings of Fast Software Encryption 1997, LNCS 1267, pages 28–40, Springer-Verlag, 1997.Google Scholar
- 14.A. Kipnis and A. Shamir. Cryptanalysis of the HFE Public Key Cryptosystem be Relinearization. In M. Wiener, editor, Proceedings of Crypto’ 99, LNCS 1666, pages 19–30, Springer-Verlag, 1999.Google Scholar
- 15.L. Knudsen and H. Raddum. Recommendation to NIST for the AES. NIST second round comment, NIST AES website http://www.csrc.nist.gov/encryption/aes/, 2000.
- 16.R. Lidl and H. Niederreiter. Introduction to Finite Fields and Their Applications. Cambridge University Press, 1984.Google Scholar
- 17.S. Lucks. Attacking seven rounds of Rijndael under 192-bit and 256-bit keys. In Proceedings of Third AES Conference and also via NIST AES website http://www.csrc.nist.gov/encryption/aes, April 2000.
- 18.M. Matsui. Linear cryptanalysis method for DES cipher. In T. Helleseth, editor, Proceedings of Eurocrypt’ 93, LNCS 765, pages 386–397, Springer-Verlag, 1994.Google Scholar
- 19.S. Murphy and M.J.B. Robshaw. New observations on Rijndael. NIST AES website http://www.csrc.nist.gov/encryption/aes, August 2000.
- 20.S. Murphy and M.J.B. Robshaw. Further comments on the structure of Rijndael. NIST AES website http://www.csrc.nist.gov/encryption/aes, August 2000.
- 21.National Institute of Standards and Technology. Advanced Encryption Standard. FIPS 197. 26 November 2001.Google Scholar
- 22.J. Patarin. Hidden field equations (HFE) and isomorphisms of polynomials (IP): Two new families of asymmetric algorithms. In U. Maurer, editor, Proceedings of Eurocrypt’ 96, LNCS 1070, pages 33–48, Springer-Verlag, 1996.Google Scholar
- 23.R. Schroeppel. Second round comments to NIST. NIST second round comment, NIST AES website http://www.csrc.nist.gov/encryption/aes/, 2000.
- 24.R. Wernsdorf. The round functions of Rijndael generate the alternating group. In V. Rijmen, editor, Proceedings of Fast Software Encryption, LNCS, Springer-Verlag, to appear.Google Scholar