Algebraic Cryptanalysis of Curry and Flurry Using Correlated Messages

  • Jean-Charles Faugère
  • Ludovic Perret
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6151)


In this paper, we present an algebraic attack against the Flurry and Curry block ciphers [12,13]. Usually, algebraic attacks against block ciphers require only one message/ciphertext pair to be mounted. In this paper, we investigate a different approach. Roughly, the idea is to generate an algebraic system from the knowledge of several well-chosen correlated message/ciphertext pairs. Flurry and Curry are two families of ciphers which are fully parametrizable and have a sound design strategy against the most common statistical attacks, i.e. linear and differential attacks. These ciphers are therefore targets of choice for algebraic attacks. It turns out that our new approach makes it possible to go one step further in the (algebraic) cryptanalysis of difficult instances of Flurry and Curry. To explain the behavior of our attack, we have established an interesting connection between algebraic attacks and high order differential cryptanalysis [32]. From extensive experiments, we estimate that our approach, which we will call "algebraic-high order differential" cryptanalysis, is polynomial when the Sbox is a power function. As a proof of concept, we have been able to break Flurry/Curry, up to 8 rounds, in a few hours. We have also investigated the more difficult (and interesting) case of the inverse function. For such a function, we have not been able to bound the theoretical complexity precisely, but our experiments indicate that our approach yields a significant practical gain. We have attacked Flurry/Curry using the inverse Sbox up to 8 rounds.
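The higher-order derivative of [32], which the abstract connects to algebraic attacks, can be illustrated with a short added example (not code from the paper). It assumes GF(2^8) with the AES modulus 0x11B and uses the exponents 3 and 254 as stand-ins for a low-degree power Sbox and the inverse Sbox; it shows that XOR-summing Sbox outputs over inputs that differ along k fixed directions lowers the algebraic degree by at least k.

```python
# Added illustration: higher-order derivatives of S-boxes over GF(2^8).
# Assumptions (not from the paper): AES field modulus, exponents 3 and 254.
from functools import reduce
from itertools import combinations

MOD = 0x11B  # x^8 + x^4 + x^3 + x + 1, assumed field polynomial


def gf_mul(a, b):
    """Multiply two elements of GF(2^8) modulo MOD."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= MOD
        b >>= 1
    return r


def gf_pow(x, e):
    """Square-and-multiply exponentiation in GF(2^8)."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, x)
        x = gf_mul(x, x)
        e >>= 1
    return r


def derivative(table, x, directions):
    """k-th order derivative at x: XOR of the S-box over x + span(directions)."""
    acc = 0
    for size in range(len(directions) + 1):
        for subset in combinations(directions, size):
            acc ^= table[x ^ reduce(lambda u, v: u ^ v, subset, 0)]
    return acc


def derivative_values(exponent, order):
    """Values taken by the order-th derivative of x^exponent over all x,
    using the linearly independent directions 1, 2, 4, ..."""
    table = [gf_pow(v, exponent) for v in range(256)]
    dirs = [1 << i for i in range(order)]
    return {derivative(table, x, dirs) for x in range(256)}
```

For x^3 (algebraic degree 2) the second-order derivative is already a constant and the third-order one is identically zero, while x^254, the field inverse with algebraic degree 7, only collapses at orders 7 and 8.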


Keywords (added by machine and not by the authors): Block Cipher; Basis Computation; Polynomial System; Stream Cipher; Algebraic Degree




References

  1. Albrecht, M., Cid, C.: Algebraic Techniques in Differential Cryptanalysis,
  2. Albrecht, M., Cid, C.: Algebraic Techniques in Differential Cryptanalysis. In: Proceedings of the First International Conference on Symbolic Computation and Cryptography, SCC 2008, Beijing, China (April 2008)
  3. Ars, G., Faugère, J.-C., Imai, H., Kawazoe, M., Sugita, M.: Comparison Between XL and Gröbner Basis Algorithms. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 338–353. Springer, Heidelberg (2004)
  4. Ars, G.: Applications des Bases de Gröbner à la Cryptographie. Thèse de doctorat, Université de Rennes I (2004)
  5. Bardet, M.: Étude des systèmes algébriques surdéterminés. Applications aux codes correcteurs et à la cryptographie. Thèse de doctorat, Université de Paris VI (2004)
  6. Bardet, M., Faugère, J.-C., Salvy, B.: On the Complexity of Gröbner Basis Computation of Semi-Regular Overdetermined Algebraic Equations. In: Proc. of International Conference on Polynomial System Solving (ICPSS), pp. 71–75 (2004)
  7. Bardet, M., Faugère, J.-C., Salvy, B., Yang, B.-Y.: Asymptotic Behaviour of the Degree of Regularity of Semi-Regular Polynomial Systems. In: Proc. of MEGA 2005, Eighth Inter. Symposium on Effective Methods in Algebraic Geometry (2005)
  8. Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)
  9. Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. Journal of Cryptology 4(1), 3–72 (1991)
  10. Biham, E., Shamir, A.: Differential Cryptanalysis of the Full 16-round DES. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 487–496. Springer, Heidelberg (1993)
  11. Buchberger, B.: Ein algorithmisches Kriterium für die Lösbarkeit eines algebraischen Gleichungssystems (An Algorithmical Criterion for the Solvability of Algebraic Systems of Equations). Aequationes mathematicae 4(3), 374–383 (1970); English translation in: Buchberger, B., Winkler, F. (eds.) Gröbner Bases and Applications. In: Proceedings of the International Conference 33 Years of Gröbner Bases, RISC, Austria. Lecture Note Series, vol. 251, pp. 535–545. London Mathematical Society, Cambridge University Press (1998)
  12. Buchmann, J., Pyshkin, A., Weinmann, R.-P.: Block Ciphers Sensitive to Gröbner Basis Attacks. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 313–331. Springer, Heidelberg (2006)
  13. Buchmann, J., Pyshkin, A., Weinmann, R.-P.: Block Ciphers Sensitive to Gröbner Basis Attacks – Extended version,
  14. Buchmann, J., Pyshkin, A., Weinmann, R.-P.: A Zero-Dimensional Gröbner Basis for AES-128. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 78–88. Springer, Heidelberg (2006)
  15. Courtois, N., Pieprzyk, J.: Cryptanalysis of Block Ciphers with Overdefined Systems of Equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002)
  16. Courtois, N., Meier, W.: Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 345–359. Springer, Heidelberg (2003)
  17. Courtois, N.: Fast Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 176–194. Springer, Heidelberg (2003)
  18. Cid, C., Murphy, S., Robshaw, M.J.B.: Small Scale Variants of the AES. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 145–162. Springer, Heidelberg (2005)
  19. Cid, C., Murphy, S., Robshaw, M.J.B.: Algebraic Aspects of the Advanced Encryption Standard. Springer, Heidelberg (2006)
  20. Cid, C., Albrecht, M., Augot, D., Canteaut, A., Weinmann, R.-P.: Algebraic Cryptanalysis of Symmetric Primitives. In: Deliverable STVL, ECRYPT - European Network of Excellence Collaborations (July 2008),
  21. Cid, C., Leurent, G.: An Analysis of the XSL Algorithm. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 333–352. Springer, Heidelberg (2005)
  22. Cox, D.A., Little, J.B., O’Shea, D.: Ideals, Varieties, and algorithms: an Introduction to Computational Algebraic Geometry and Commutative algebra. In: Undergraduate Texts in Mathematics. Springer, New York (1992)
  23. Faugère, J.C., Gianni, P., Lazard, D., Mora, T.: Efficient Computation of Zero-Dimensional Gröbner Bases by Change of Ordering. Journal of Symbolic Computation 16(4), 329–344 (1993)
  24. Faugère, J.-C.: A New Efficient Algorithm for Computing Gröbner Basis: F4. Journal of Pure and Applied Algebra 139, 61–68 (1999)
  25. Faugère, J.-C.: A New Efficient Algorithm for Computing Gröbner Basis without Reduction to Zero: F5. In: Proceedings of ISSAC, pp. 75–83. ACM Press, New York (July 2002)
  26. Faugère, J.-C., Joux, A.: Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems using Gröbner bases. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 44–60. Springer, Heidelberg (2003)
  27. Faugère, J.-C., Perret, L.: Polynomial Equivalence Problems: Algorithmic and Theoretical Aspects. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 30–47. Springer, Heidelberg (2006)
  28. Faugère, J.-C., Perret, L.: Cryptanalysis of 2R Schemes. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 357–372. Springer, Heidelberg (2006)
  29. Faugère, J.-C., Levy-dit-Vehel, F., Perret, L.: Cryptanalysis of MinRank. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 280–296. Springer, Heidelberg (2008)
  30. Garey, M.R., Johnson, D.B.: Computers and Intractability. A Guide to the Theory of NP-Completeness. W.H. Freeman, New York (1979)
  31. Knudsen, L.R.: Truncated and Higher Order Differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196–211. Springer, Heidelberg (1995)
  32. Lai, X.: Higher Order Derivatives and Differential Cryptanalysis. In: Communications and Cryptography, pp. 227–233. Kluwer Academic Publishers, Dordrecht (1994)
  33. Lim, C.-W., Khoo, K.: An Analysis of XSL Applied to BES. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 242–253. Springer, Heidelberg (2007)
  34. Matsui, M.: Linear Cryptanalysis Method for DES Cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)
  35. Wiedemann, D.H.: Solving sparse linear equations over finite fields. IEEE Trans. Information Theory IT-32, 54–62 (1986)

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Jean-Charles Faugère (1)
  • Ludovic Perret (1)
  1. SALSA Project, INRIA, Centre Paris-Rocquencourt; UPMC, Univ Paris 06, LIP6; CNRS, UMR 7606, LIP6, Paris, France
