Essential Algebraic Structure within the AES
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of Block Ciphers with Overdefined Systems of Equations
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
ICYCS '08 Proceedings of the 2008 The 9th International Conference for Young Computer Scientists
Efficient algorithms for solving overdefined systems of multivariate polynomial equations
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
New description of SMS4 by an embedding over GF(28)
INDOCRYPT'07 Proceedings of the cryptology 8th international conference on Progress in cryptology
An analysis of the XSL algorithm
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
An analysis of XSL Applied to BES
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
Differential Fault Analysis on SMS4 using a single fault
Information Processing Letters
Parallelizing the camellia and SMS4 block ciphers
AFRICACRYPT'10 Proceedings of the Third international conference on Cryptology in Africa
Parallelisable variants of Camellia and SMS4 block cipher: p-Camellia and p-SMS4
International Journal of Applied Cryptography
Hi-index | 0.00 |
The XSL attack when applied on BES-128 has been shown to have an attack complexity of 2100, which is faster than exhaustive search. However at FSE 2007, Lim and Khoo analyzed the eprint XSL attack on BES and showed that the attack complexity should be 2401. Later at IEEE-YCS 2008, Qu and Liu counter-proposed that the compact XSL attack on BES-128 works and has complexity 297. In this paper, we point out some errors in the attack of Qu and Liu. We also show that the complexity of the compact XSL attack on BES-128 is at least 2209.15. At Indocrypt 2007, Ji and Hu claimed that the eprint XSL attack on ESMS4 has complexity 277. By the same method we used to analyze BES, we also show that the complexity of compact XSL attack on ESMS4 is at least 2216.58. Our analysis adapts the approach of Lim and Khoo to the compact XSL attack, and improves on it by considering the T *** method that grows the number of equations.