Cryptology ePrint Archive: Report 2005/203

On Exact Algebraic [Non-]Immunity of S-boxes Based on Power Functions

Nicolas Courtois and Blandine Debraize and Eric Garrido

Abstract: In this paper we are interested in algebraic immunity of several well known highly-nonlinear vectorial Boolean functions (or S-boxes), designed for block and stream ciphers. Unfortunately, ciphers that use such S-boxes may still be vulnerable to so called "algebraic attacks" proposed recently by Courtois, Pieprzyk, Meier, Armknecht, et al. These attacks are not always feasible in practice but are in general very powerful. They become possible, if we regard the S-boxes, no longer as highly-nonlinear functions of their inputs, but rather exhibit (and exploit) much simpler algebraic equations, that involve both input and the output bits. Instead of complex and "explicit" Boolean FUNCTIONS we have then simple and "implicit" algebraic RELATIONS that can be combined to fully describe the secret key of the system.

In this paper we look at the number and the type of relations that do exist for several well known components. We wish to correct or/and complete several inexact results on this topic that were presented at FSE 2004.

We also wish to bring a theoretical contribution. One of the main problems in the area of algebraic attacks is to prove that some systems of equations (derived from some more fundamental equations), are still linearly independent. We give a complete proof that the number of linearly independent equations for the Rijndael S-box (derived from the basic equation XY=1) is indeed as reported by Courtois and Pieprzyk. It seems that nobody has so far proven this fundamental statement.

Category / Keywords: secret-key cryptography / Boolean functions, algebraic attacks, block ciphers, stream ciphers

Date: received 28 Jun 2005, last revised 5 May 2006

Contact author: courtois at minrank org

Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: This paper is (and should be) dedicated to the memory of Hans Dobbertin [1952-2006], that is recognised for his substantial contributions to the theory of Boolean functions, and did also pioneering work (that remains classified) in the area of algebraic cryptanalysis.

Version: 20060505:204711 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]