Essential Algebraic Structure within the AES
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of Block Ciphers with Overdefined Systems of Equations
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A block Lanczos algorithm for finding dependencies over GF(2)
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
Efficient algorithms for solving overdefined systems of multivariate polynomial equations
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
An analysis of the XSL algorithm
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Specific S-Box Criteria in Algebraic Attacks on Block Ciphers with Several Known Plaintexts
Research in Cryptology
Cryptographic Properties and Application of a Generalized Unbalanced Feistel Network Structure
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
An Analysis of the Compact XSL Attack on BES and Embedded SMS4
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
New description of SMS4 by an embedding over GF(28)
INDOCRYPT'07 Proceedings of the cryptology 8th international conference on Progress in cryptology
Algebraic cryptanalysis of curry and flurry using correlated messages
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Cryptographic properties and application of a Generalized Unbalanced Feistel Network structure
Cryptography and Communications
On the relation between the MXL family of algorithms and Gröbner basis algorithms
Journal of Symbolic Computation
The 128-bit blockcipher CLEFIA
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
Hi-index | 0.00 |
Currently, the only plausible attack on the Advanced Encryption System (AES) is the XSL attack over F256 through the Big Encryption System (BES) embedding. In this paper, we give an analysis of the XSL attack when applied to BES and conclude that the complexity estimate is too optimistic. For example, the complexity of XSL on BES-128 should be at least 2401 instead of the value of 287 from current literature. Our analysis applies to the eprint version of the XSL attack, which is different from the compact XSL attack studied by Cid and Leurent at Asiacrypt 2005. Moreover, we study the attack on the BES embedding of AES, while Cid and Leurent studies the attack on AES itself. Thus our analysis can be considered as a parallel work, which together with Cid and Leurent's study, disproves the effectiveness of both versions of the XSL attack against AES.