Paper 2008/435

Obtaining and solving systems of equations in key variables only for the small variants of AES

Stanislav Bulygin and Michael Brickenstein

Abstract

This work is devoted to attacking the small scale variants of the Advanced Encryption Standard (AES) via systems that contain only the initial key variables. To this end, we introduce a system of equations that naturally arises in the AES, and then eliminate all the intermediate variables via normal form reductions. The resulting system in key variables only is solved then. We also consider a possibility to apply our method in the meet-in-the-middle scenario especially with several plaintext/ciphertext pairs. We elaborate on the method further by looking for subsystems which contain fewer variables and are overdetermined, thus facilitating solving the large system.

Metadata
Available format(s)
PDF PS
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
AESblock ciphersboolean functionscryptanalysisimplementation
Contact author(s)
bulygin @ mathematik uni-kl de
History
2008-10-20: received
Short URL
https://ia.cr/2008/435
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2008/435,
      author = {Stanislav Bulygin and Michael Brickenstein},
      title = {Obtaining and solving systems of equations in key variables only for the small variants of {AES}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2008/435},
      year = {2008},
      url = {https://eprint.iacr.org/2008/435}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.