Cryptology ePrint Archive: Report 2005/200

Block ciphers sensitive to Groebner Basis Attacks

Johannes Buchmann and Andrei Pychkine and Ralf-Philipp Weinmann

Abstract: We construct and analyze Feistel and SPN ciphers that have a sound design strategy against linear and differential attacks but for which the encryption process can be described by very simple polynomial equations. For a block and key size of 128 bits, we present ciphers for which practical Groebner basis attacks can recover the full cipher key requiring only a minimal number of plaintext/ciphertext pairs. We show how Groebner bases for a subset of these ciphers can be constructed with neglegible computational effort. This reduces the key recovery problem to a Groebner basis conversion problem. By bounding the running time of a Groebner basis conversion algorithm, FGLM, we demonstrate the existence of block ciphers resistant against differential and linear cryptanalysis but vulnerable against Groebner basis attacks.

Category / Keywords: secret-key cryptography / cryptanalysis, block ciphers, algebraic attacks, Groebner bases

Date: received 27 Jun 2005

Contact author: weinmann at cdc informatik tu-darmstadt de

Available format(s): PDF | BibTeX Citation

Version: 20050629:201820 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]