Block Ciphers: Algebraic Cryptanalysis and Gröbner Bases

Block ciphers are one of the most important classes of cryptographic algorithms in current use. Commonly used to provide confidentiality for the transmission and storage of information, they encrypt and decrypt blocks of data under a secret key. Several recently proposed block ciphers (in particular the AES (Daemen and Rijmen in The Design of Rijndael, Springer, Berlin, 2002)) exhibit a highly algebraic structure: their round transformations are based on simple algebraic operations over a finite field of characteristic 2. This has caused an increasing amount of cryptanalytic attention to be directed to the algebraic properties of these ciphers. Of particular interest is the proposal of so-called algebraic attacks against block ciphers. In these attacks, a cryptanalyst describes the encryption operation as a large set of multivariate polynomial equations which, once solved, can be used to recover the secret key. Thus the difficulty of solving these systems of equations is directly related to the cipher's security. As a result, computational algebra is becoming an important tool for the cryptanalysis of block ciphers. In this paper we give an overview of block cipher design and recall some of the work that has been developed in the area of algebraic cryptanalysis. We also consider a few computational and algebraic techniques that could be used in the analysis of block ciphers and discuss possible directions for future work.
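The abstract describes the core of an algebraic attack: write the cipher as a system of multivariate polynomial equations over GF(2) and solve it. The following is an added example (not code from the paper or its authors) that carries this out on the smallest realistic component, the 4-bit S-box of PRESENT [43]: it computes the algebraic normal form of each output coordinate, extracts a basis of all degree-2 polynomials in the 8 input/output bits that vanish on the S-box graph (the "quadratic equations" that XL/XSL-style attacks [12, 23, 28] count), and then recovers the key of a toy one-round cipher c = S(p XOR k) from one known pair by substituting the known ciphertext bits and linearizing the remaining monomials. The toy cipher, the linearization-plus-consistency solver and every function name are assumptions of this example; only the S-box table comes from the PRESENT specification.

```python
from itertools import combinations
# S-box of PRESENT (Bogdanov et al., CHES 2007); bit 0 is the least significant bit.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
N = 4                                                   # S-box width in bits
# Variables 0..3 are the input bits x_i, 4..7 the output bits y_j.
MONOMIALS = [()] + [(i,) for i in range(2 * N)] + list(combinations(range(2 * N), 2))
IN_MONOS = [(i,) for i in range(N)] + list(combinations(range(N), 2))   # unknowns after linearization
CONST = len(IN_MONOS)                                   # column index of the constant term

def bits(v, n=N):
    """Little-endian bit list of an n-bit integer."""
    return [(v >> i) & 1 for i in range(n)]

def anf(truth_table):
    """Moebius transform: truth table indexed by input -> set of ANF monomials as variable bitmasks."""
    t, n = list(truth_table), len(truth_table).bit_length() - 1
    for i in range(n):
        for x in range(len(t)):
            if x >> i & 1:
                t[x] ^= t[x ^ (1 << i)]
    return {m for m in range(len(t)) if t[m]}

def algebraic_degree(sbox, out_bit):
    """Algebraic degree of one output coordinate of sbox (largest monomial weight in its ANF)."""
    return max(bin(m).count("1") for m in anf([(s >> out_bit) & 1 for s in sbox]))

def rref(rows, ncols):
    """Gauss-Jordan elimination over GF(2) on row bitmasks; returns (nonzero rows, pivot columns)."""
    rows, pivots, r = list(rows), [], 0
    for c in range(ncols):
        piv = next((i for i in range(r, len(rows)) if rows[i] >> c & 1), None)
        if piv is None:
            continue
        rows[r], rows[piv] = rows[piv], rows[r]
        for i in range(len(rows)):
            if i != r and rows[i] >> c & 1:
                rows[i] ^= rows[r]
        pivots.append(c)
        r += 1
    return rows[:r], pivots

def nullspace(rows, ncols):
    """Basis of {v : M v = 0} for the GF(2) matrix M given as row bitmasks, one vector per free column."""
    red, pivots = rref(rows, ncols)
    return [(1 << f) | sum(1 << p for row, p in zip(red, pivots) if row >> f & 1)
            for f in range(ncols) if f not in pivots]

def eval_mono(mono, pt):
    """Value of a monomial (tuple of variable indices) at a 0/1 point."""
    return int(all(pt[i] for i in mono))

def quadratic_relations(sbox):
    """Basis of all degree-<=2 polynomials in (x, y) vanishing on every point (x, S(x)): the right
    nullspace of the 16 x 37 evaluation matrix. Each relation is a bitmask over MONOMIALS."""
    rows = [sum(eval_mono(m, bits(x) + bits(sbox[x])) << i for i, m in enumerate(MONOMIALS))
            for x in range(len(sbox))]
    return nullspace(rows, len(MONOMIALS))

def relation_holds(rel, pt):
    """True if the relation evaluates to 0 at the 8-bit point pt = input bits + output bits."""
    return sum(eval_mono(MONOMIALS[i], pt) for i in range(len(MONOMIALS)) if rel >> i & 1) % 2 == 0

def linearize(relations, c_bits):
    """Substitute known output bits c into every relation; each surviving monomial in the unknown
    input u becomes its own linear unknown (XL-style linearization). Returns GF(2) row bitmasks."""
    rows = []
    for rel in relations:
        row = 0
        for idx, mono in enumerate(MONOMIALS):
            if not rel >> idx & 1 or any(c_bits[i - N] == 0 for i in mono if i >= N):
                continue                                # monomial absent, or killed by a zero output bit
            inp = tuple(i for i in mono if i < N)
            row ^= 1 << (CONST if not inp else IN_MONOS.index(inp))
        if row:
            rows.append(row)
    return rows

def solve_linearized(rows):
    """Solve the linear system, keeping only assignments where the unknown for u_i*u_j equals u_i AND u_j."""
    red, pivots = rref(rows, CONST + 1)
    if CONST in pivots:
        return []                                       # a row reads 1 = 0: no solution
    free = [c for c in range(CONST) if c not in pivots]
    sols = []
    for assign in range(1 << len(free)):
        z = [0] * CONST
        for b, f in enumerate(free):
            z[f] = assign >> b & 1
        for row, p in zip(red, pivots):                # back-substitute the pivot unknowns
            z[p] = (row >> CONST & 1) ^ sum(z[f] for f in free if row >> f & 1) % 2
        if all(z[IN_MONOS.index((i, j))] == (z[i] & z[j]) for i, j in combinations(range(N), 2)):
            sols.append(z[:N])
    return sols

def recover_keys(p, c, relations):
    """Candidate keys of the toy one-round cipher c = S(p XOR k) (this example's assumption)
    from one known (p, c) pair: solve for u = p XOR k, then k = u XOR p."""
    return sorted(sum(b << i for i, b in enumerate(u)) ^ p
                  for u in solve_linearized(linearize(relations, bits(c))))

if __name__ == "__main__":
    rels = quadratic_relations(SBOX)
    print(len(rels), "relations;", "keys:", recover_keys(6, SBOX[6 ^ 11], rels), "(true key 11)")
```

For this S-box the evaluation matrix has full rank 16, so the nullspace has 37 - 16 = 21 relations, the figure the PRESENT paper [43] uses when it counts the equations describing the whole cipher; each coordinate has algebraic degree 3, yet the S-box is fully captured by degree-2 equations in the combined input/output variables, which is exactly the structural property that makes the MQ formulation attractive. What the toy case hides is the scaling problem the paper is about: with many rounds and no known intermediate values, the monomials that linearization must treat as independent unknowns vastly outnumber the equations, and Gaussian elimination alone stops working; XL, F4 and Gröbner-basis methods [7, 28, 45] exist to generate the extra equations that close that gap.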

[1]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[2]  Martin R. Albrecht,et al.  Algebraic Techniques in Differential Cryptanalysis , 2009, IACR Cryptol. ePrint Arch..

[3]  C. Y. Lee Representation of switching circuits by binary-decision programs , 1959 .

[4]  Jintai Ding,et al.  Overview of Cryptanalysis Techniques in Multivariate Public Key Cryptography , 2009, Gröbner Bases, Coding, and Cryptography.

[5]  Igor A. Semaev,et al.  New Technique for Solving Sparse Equation Systems , 2006, IACR Cryptology ePrint Archive.

[6]  H. Feistel Cryptography and Computer Privacy , 1973 .

[7]  J. Faugère A new efficient algorithm for computing Gröbner bases (F4) , 1999 .

[8]  Michael Brickenstein,et al.  PolyBoRi: A framework for Gröbner-basis computations with Boolean polynomials , 2009, J. Symb. Comput..

[9]  Frederik Armknecht,et al.  Algebraic Attacks on Stream Ciphers with Gröbner Bases , 2009, Gröbner Bases, Coding, and Cryptography.

[10]  Orr Dunkelman,et al.  Linear Cryptanalysis of CTC , 2006, IACR Cryptol. ePrint Arch..

[11]  Kaisa Nyberg,et al.  Differentially Uniform Mappings for Cryptography , 1994, EUROCRYPT.

[12]  Josef Pieprzyk,et al.  Cryptanalysis of Block Ciphers with Overdefined Systems of Equations , 2002, ASIACRYPT.

[13]  Johannes A. Buchmann,et al.  A Zero-Dimensional Gröbner Basis for AES-128 , 2006, FSE.

[14]  Matthew J. B. Robshaw,et al.  Small Scale Variants of the AES , 2005, FSE.

[15]  Edward F. Schaefer,et al.  A Simplified AES Algorithm and Its Linear and Differential Cryptanalyses , 2003, Cryptologia.

[16]  Alberto Zanoni,et al.  An algebraic interpretation of AES-128 , 2005 .

[17]  Gregory V. Bard,et al.  Algebraic and Slide Attacks on KeeLoq , 2008, FSE.

[18]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[19]  Igor A. Semaev,et al.  Solving MRHS linear equations , 2007, IACR Cryptol. ePrint Arch..

[20]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[21]  Gregory V. Bard,et al.  Algebraic Cryptanalysis of the Data Encryption Standard , 2007, IMACC.

[22]  Claude Carlet,et al.  Boolean Functions for Cryptography and Error-Correcting Codes , 2010, Boolean Models and Methods.

[23]  Gaëtan Leurent,et al.  An Analysis of the XSL Algorithm , 2005, ASIACRYPT.

[24]  Alex Biryukov,et al.  Block Ciphers and Systems of Quadratic Equations , 2003, FSE.

[25]  Lars R. Knudsen,et al.  The Interpolation Attack on Block Ciphers , 1997, FSE.

[26]  Johannes A. Buchmann,et al.  Block Ciphers Sensitive to Gröbner Basis Attacks , 2006, CT-RSA.

[27]  N. Bose Multidimensional Systems Theory , 1985 .

[28]  Adi Shamir,et al.  Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations , 2000, EUROCRYPT.

[29]  Colin Boyd,et al.  Cryptography and Coding , 1995, Lecture Notes in Computer Science.

[30]  Raphael C.-W. Phan  Mini Advanced Encryption Standard (Mini-AES): A Testbed for Cryptanalysis Students , 2002, Cryptologia.

[31]  Nicolas Courtois CTC2 and Fast Algebraic Attacks on Block Ciphers Revisited , 2007, IACR Cryptol. ePrint Arch..

[32]  Michael Kalkbrener,et al.  Converting Bases with the Gröbner Walk , 1997, J. Symb. Comput..

[33]  Khoongming Khoo,et al.  An Analysis of XSL Applied to BES , 2007, FSE.

[34]  Toshinobu Kaneko,et al.  Quadratic Relation of S-box and Its Application to the Linear Attack of Full Round DES , 1998, CRYPTO.

[35]  Jean-Charles Faugère,et al.  Efficient Computation of Zero-Dimensional Gröbner Bases by Change of Ordering , 1993, J. Symb. Comput..

[36]  B. Buchberger,et al.  Gröbner Bases: An Algorithmic Method in Polynomial Ideal Theory , 1985 .

[37]  Matthew J. B. Robshaw,et al.  Algebraic aspects of the advanced encryption standard , 2006 .

[38]  Bruno Buchberger,et al.  Bruno Buchberger's PhD thesis 1965: An algorithm for finding the basis elements of the residue class ring of a zero dimensional polynomial ideal , 2006, J. Symb. Comput..

[39]  Nicolas Courtois,et al.  How Fast can be Algebraic Attacks on Block Ciphers ? , 2006, IACR Cryptol. ePrint Arch..

[40]  Sheldon B. Akers,et al.  Binary Decision Diagrams , 1978, IEEE Transactions on Computers.

[41]  Matthew J. B. Robshaw,et al.  Essential Algebraic Structure within the AES , 2002, CRYPTO.

[42]  Michael Brickenstein,et al.  POLYBORI: A Gröbner basis framework for Boolean polynomials , 2007 .

[43]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[44]  Matthew J. B. Robshaw,et al.  An Algebraic Framework for Cipher Embeddings , 2005, IMACC.

[45]  Hideki Imai,et al.  Comparison Between XL and Gröbner Basis Algorithms , 2004, ASIACRYPT.