An Analysis of the Compact XSL Attack on BES and Embedded SMS4

Authors:
Jiali Choy;Huihui Yap;Khoongming Khoo
Affiliations:
DSO National Laboratories, Singapore S118230;DSO National Laboratories, Singapore S118230;DSO National Laboratories, Singapore S118230
Venue:
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Year:
2009

Citing 7
Cited 3

Essential Algebraic Structure within the AES

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of Block Ciphers with Overdefined Systems of Equations

ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
An XSL Analysis on BES

ICYCS '08 Proceedings of the 2008 The 9th International Conference for Young Computer Scientists
Efficient algorithms for solving overdefined systems of multivariate polynomial equations

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
New description of SMS4 by an embedding over GF(28)

INDOCRYPT'07 Proceedings of the cryptology 8th international conference on Progress in cryptology
An analysis of the XSL algorithm

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
An analysis of XSL Applied to BES

FSE'07 Proceedings of the 14th international conference on Fast Software Encryption

Differential Fault Analysis on SMS4 using a single fault

Information Processing Letters
Parallelizing the camellia and SMS4 block ciphers

AFRICACRYPT'10 Proceedings of the Third international conference on Cryptology in Africa
Parallelisable variants of Camellia and SMS4 block cipher: p-Camellia and p-SMS4

International Journal of Applied Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

The XSL attack when applied on BES-128 has been shown to have an attack complexity of 2100, which is faster than exhaustive search. However at FSE 2007, Lim and Khoo analyzed the eprint XSL attack on BES and showed that the attack complexity should be 2401. Later at IEEE-YCS 2008, Qu and Liu counter-proposed that the compact XSL attack on BES-128 works and has complexity 297. In this paper, we point out some errors in the attack of Qu and Liu. We also show that the complexity of the compact XSL attack on BES-128 is at least 2209.15. At Indocrypt 2007, Ji and Hu claimed that the eprint XSL attack on ESMS4 has complexity 277. By the same method we used to analyze BES, we also show that the complexity of compact XSL attack on ESMS4 is at least 2216.58. Our analysis adapts the approach of Lim and Khoo to the compact XSL attack, and improves on it by considering the T *** method that grows the number of equations.