Cryptology ePrint Archive: Report 2008/435

Obtaining and solving systems of equations in key variables only for the small variants of AES

Stanislav Bulygin and Michael Brickenstein

Abstract: This work is devoted to attacking the small scale variants of the Advanced Encryption Standard (AES) via systems that contain only the initial key variables. To this end, we introduce a system of equations that naturally arises in the AES, and then eliminate all the intermediate variables via normal form reductions. The resulting system in key variables only is solved then. We also consider a possibility to apply our method in the meet-in-the-middle scenario especially with several plaintext/ciphertext pairs. We elaborate on the method further by looking for subsystems which contain fewer variables and are overdetermined, thus facilitating solving the large system.

Category / Keywords: secret-key cryptography / AES, block ciphers, boolean functions, cryptanalysis, implementation

Date: received 9 Oct 2008

Contact author: bulygin at mathematik uni-kl de

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20081020:183513 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]