Essential Algebraic Structure within the AES

  • Sean Murphy, Matthew J. B. Robshaw
  • Published in Annual International Cryptology Conference, 18 August 2002
  • Computer Science, Mathematics
One difficulty in the cryptanalysis of the Advanced Encryption Standard (AES) is the tension between operations in the two fields GF(2^8) and GF(2). This paper outlines a new approach that avoids this conflict. We define a new block cipher, the BES, that uses only simple algebraic operations in GF(2^8). Yet the AES can be regarded as being identical to the BES with a restricted message space and key space, thus enabling the AES to be realised solely using simple algebraic operations in one field GF…

Yet Another Algebraic Cryptanalysis of Small Scale Variants of AES

It is shown, for example, that one of the attacks can recover the secret key for one round of AES-128 under one minute on a contemporary CPU.

Algebraic aspects of the advanced encryption standard

This work will examine some algebraic aspects of the AES and consider a number of algebraic techniques that could be used in the analysis of the cipher, and focus on the large, though surprisingly simple, systems of multivariate quadratic equations derived from the encryption operation.


Algebraic attacks on the Advanced Encryption Standard are examined, including work that ‘embeds’ AES into another cryptosystem, BES, defined solely over GF(2), which allows breaking AES encryption to be reduced to solving the MQ problem for a much simpler system of quadratic equations defined over GF (2).

Building an Algebraic Representation of the AES in Sage

A Python class is written in the Sage source code which embodies the AES’ algebraic components and provides tools for studying these components in contexts such as algebraic cryptography and in comparison to other algebraic ciphers.

Looking Inside AES and BES

An algebraic representation of AES-128 as an embedding in BES, due to Murphy and Robshaw, is analyzed and two systems of equations S* and K* concerning encryption and key generation processes are presented.

On some probabilistic approximations for AES-like s-boxes

Computational and Algebraic Aspects of the Advanced Encryption Standard

It is shown how one can express the cipher as a very large, though surprisingly simple, system of multivariate quadratic equations over the finite field F_{2^8}, and some approaches that can be used to solve this system.

On Some Weak Extensions of AES and BES

It is shown that the AES and BES can be embedded in their extensions by restricting these extensions to a given subset, and that these natural extensions are trivially weak, by describing a cryptanalysis of them, although this leads to no consequence for the security of AES or BES.

A Three Rounds Property of the AES

  • M. Minier
  • Computer Science, Mathematics
    AES Conference
  • 2004
This paper presents a stronger property than the one used in the Bottleneck Cryptanalysis [GM00], which could not be used to mount a more efficient cryptanalysis than the Bottleneck Attack because it is not possible to improve the complexity of the four rounds distinguisher used in this attack.

A five-round algebraic property of AES and its application to the ALPHA-MAC

By employing the proposed five-round algebraic property of AES, this work provides a method to find second preimages of the ALPHA-MAC based on the assumption that a key or an intermediate value is known.



Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization

This paper considers Patarin's Hidden Field Equations (HFE) scheme, which is believed to be one of the strongest schemes of this type, and develops a new relinearization method for solving such systems for any constant ε > 0 in expected polynomial time.

Cryptanalysis of Block Ciphers with Overdefined Systems of Equations

A new criterion for the design of S-boxes in block ciphers is proposed: they should not be describable by a system of polynomial equations that is too small or too overdefined. This is suggested for both Serpent and Rijndael.

The Design of Rijndael

This volume is the authoritative guide to the Rijndael algorithm and AES, and professionals, researchers, and students active or interested in data encryption will find it a valuable source of information and reference.

Differential Cryptanalysis of the Data Encryption Standard

This book introduces a new cryptographic method, called differential cryptanalysis, which can be applied to analyze cryptosystems, and describes the cryptanalysis of DES, deals with the influence of its building blocks on security, and analyzes modified variants.

The Interpolation Attack on Block Ciphers

This paper cryptanalyses 5 rounds of a variant of SHARK, which deviates only slightly from the proposed SHARK, and shows that there exist ciphers constructed according to this design strategy which can be broken faster than claimed.

Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms

Two new families of asymmetric algorithms that so far have resisted all attacks, if properly used, are presented: Hidden Field Equations (HFE) and Isomorphism of Polynomials (IP).

Linear Cryptanalysis Method for DES Cipher

  • M. Matsui
  • Computer Science, Mathematics
  • 1993
A new method is introduced for cryptanalysis of DES cipher, which is essentially a known-plaintext attack, that is applicable to an only-ciphertext attack in certain situations.

QUARTZ, 128-Bit Long Digital Signatures

This paper presents a first well defined algorithm and signature scheme, with concrete parameter choice, that gives 128-bit signatures while the best known attack to forge a signature is in 2^80.

A Simple Algebraic Representation of Rijndael

We show that there is a very straightforward closed algebraic formula for the Rijndael block cipher. This formula is highly structured and far simpler than algebraic formulations of any other block

Solving Underdefined Systems of Multivariate Quadratic Equations

The security of several recent digital signature schemes is based on the difficulty of solving large systems of quadratic multivariate polynomial equations over a finite field F. This problem,