An analysis of XSL Applied to BES

Authors:
Chu-Wee Lim;Khoongming Khoo
Affiliations:
DSO National Laboratories, Singapore;DSO National Laboratories, Singapore
Venue:
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
Year:
2007

Citing 5
Cited 8

Essential Algebraic Structure within the AES

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of Block Ciphers with Overdefined Systems of Equations

ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A block Lanczos algorithm for finding dependencies over GF(2)

EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
Efficient algorithms for solving overdefined systems of multivariate polynomial equations

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
An analysis of the XSL algorithm

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security

Specific S-Box Criteria in Algebraic Attacks on Block Ciphers with Several Known Plaintexts

Research in Cryptology
Cryptographic Properties and Application of a Generalized Unbalanced Feistel Network Structure

ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
An Analysis of the Compact XSL Attack on BES and Embedded SMS4

CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
New description of SMS4 by an embedding over GF(28)

INDOCRYPT'07 Proceedings of the cryptology 8th international conference on Progress in cryptology
Algebraic cryptanalysis of curry and flurry using correlated messages

Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Cryptographic properties and application of a Generalized Unbalanced Feistel Network structure

Cryptography and Communications
On the relation between the MXL family of algorithms and Gröbner basis algorithms

Journal of Symbolic Computation
The 128-bit blockcipher CLEFIA

FSE'07 Proceedings of the 14th international conference on Fast Software Encryption

Quantified Score

Hi-index	0.00

Visualization

Abstract

Currently, the only plausible attack on the Advanced Encryption System (AES) is the XSL attack over F256 through the Big Encryption System (BES) embedding. In this paper, we give an analysis of the XSL attack when applied to BES and conclude that the complexity estimate is too optimistic. For example, the complexity of XSL on BES-128 should be at least 2401 instead of the value of 287 from current literature. Our analysis applies to the eprint version of the XSL attack, which is different from the compact XSL attack studied by Cid and Leurent at Asiacrypt 2005. Moreover, we study the attack on the BES embedding of AES, while Cid and Leurent studies the attack on AES itself. Thus our analysis can be considered as a parallel work, which together with Cid and Leurent's study, disproves the effectiveness of both versions of the XSL attack against AES.