论文信息 - An Analysis of XSL Applied to BES

An Analysis of XSL Applied to BES

Currently, the only plausible attack on the Advanced Encryption System (AES) is the XSL attack over F256 through the Big Encryption System (BES) embedding. In this paper, we give an analysis of the XSL attack when applied to BES and conclude that the complexity estimate is too optimistic. For example, the complexity of XSL on BES-128 should be at least 2401 instead of the value of 287 from current literature. Our analysis applies to the eprint version of the XSL attack, which is different from the compact XSL attack studied by Cid and Leurent at Asiacrypt 2005. Moreover, we study the attack on the BES embedding of AES, while Cid and Leurent studies the attack on AES itself. Thus our analysis can be considered as a parallel work, which together with Cid and Leurent's study, disproves the effectiveness of both versions of the XSL attack against AES.

Khoongming Khoo | Chu-Wee Lim

[1] Yuliang Zheng,et al. Advances in Cryptology — ASIACRYPT 2002 , 2002, Lecture Notes in Computer Science.

[2] Gaëtan Leurent,et al. An Analysis of the XSL Algorithm , 2005, ASIACRYPT.

[3] Bart Preneel,et al. Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[4] Josef Pieprzyk,et al. Cryptanalysis of Block Ciphers with Overdefined Systems of Equations , 2002, ASIACRYPT.

[5] Moti Yung,et al. Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[6] Sean Murphy. Comments on the Security of the AES and the XSL Technique , 2002 .

[7] Matthew J. B. Robshaw,et al. Essential Algebraic Structure within the AES , 2002, CRYPTO.

[8] Jean-Jacques Quisquater,et al. Advances in Cryptology — EUROCRYPT ’95 , 2001, Lecture Notes in Computer Science.

[9] Adi Shamir,et al. Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations , 2000, EUROCRYPT.

[10] Peter L. Montgomery,et al. A Block Lanczos Algorithm for Finding Dependencies Over GF(2) , 1995, EUROCRYPT.

[11] Ian Bennion,et al. Characterisation of differential group delay of fibre devices with high resolution and enhanced immunity to environmental perturbation , 2003 .

[12] A. Maximov,et al. Fast computation of large distributions and its cryptographic applications , 2005 .