Skip to main content
SpringerLink
Log in

On Exact Algebraic [Non-]Immunity of S-Boxes Based on Power Functions

  • Conference paper
Information Security and Privacy (ACISP 2006)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4058))

Included in the following conference series:

Abstract

In this paper we are interested in algebraic immunity of several well known highly-nonlinear vectorial Boolean functions (or S-boxes), designed for block and stream ciphers. Unfortunately, ciphers that use such S-boxes may still be vulnerable to so called “algebraic attacks” proposed recently by Courtois, Pieprzyk, Meier, Armknecht, et al. These attacks are not always feasible in practice but are in general very powerful. They become possible, if we regard the S-boxes, no longer as highly-nonlinear functions of their inputs, but rather exhibit (and exploit) much simpler algebraic equations, that involve both input and the output bits. Instead of complex and “explicit” Boolean functions we have then simple and “implicit” algebraic relations that can be combined to fully describe the secret key of the system.

In this paper we look at the number and the type of relations that do exist for several well known components. We wish to correct or/and complete several inexact results on this topic that were presented at FSE 2004.

We also wish to bring a theoretical contribution. One of the main problems in the area of algebraic attacks is to prove that some systems of equations (derived from some more fundamental equations), are still linearly independent. We give a complete proof that the number of linearly independent equations for the Rijndael S-box (derived from the basic equation XY = 1) is indeed as reported by Courtois and Pieprzyk. It seems that nobody has so far proven this fundamental statement.

This work was partially supported by the French Ministry of Research RNRT X-CRYPT project and by the European Commission via ECRYPT network of excellence IST-2002-507932.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Armknecht, F.: On the Existence of low-degree Equations for Algebraic Attacks. Also presented at SASC Ecrypt workshop (State of the Art in Stream Ciphers), Bruges, Belgium (October 14-15, 2004) (preprint), Available at : eprint.iacr.org/2004/185/

  2. Armknecht, F., Krause, M.: Algebraic Attacks on Combiners with Memory. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 162–175. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  3. Canteaut, A., Videau, M.: Degree of composition of highly nonlinear functions and applications to higher order differential cryptanalysis. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, p. 518. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  4. Meier, W., Pasalic, E., Carlet, C.: Algebraic Attacks and Decomposition of Boolean Functions. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 474–491. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  5. Carlet, C.: Improving the algebraic immunity of resilient and nonlinear functions and constructing bent functions (preprint ), Available at : http://eprint.iacr.org/2004/276.pdf

  6. Dalai, D.K., Gupta, K.C., Maitra, S.: Results on algebraic immunity for cryptographically significant Boolean functions. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 92–106. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  7. Dalai, D.K., Gupta, K.C., Maitra, S.: Cryptographically Significant Boolean Functions: Construction and Analysis in Terms of Algebraic Immunity. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 98–111. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  8. Yang, B.-Y., Chen, J.-M., Courtois, N.T.: On Asymptotic Security Estimates in XL and Gröbner Bases-Related Algebraic Cryptanalysis. In: López, J., Qing, S., Okamoto, E. (eds.) ICICS 2004. LNCS, vol. 3269, pp. 401–413. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  9. Cheon, J.H., Lee, D.-H.: Resistance of S-Boxes against Algebraic Attacks. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 83–94. Springer, Heidelberg (2004) Can be found at : http://www.math.snu.ac.kr/~jhcheon/Published/2004_FSE/FSE04_CL.pdf

    Chapter  Google Scholar 

  10. Coppersmith, D., Winograd, S.: Matrix multiplication via arithmetic progressions. J. Symbolic Computation 9, 251–280 (1990)

    Article  MATH  MathSciNet  Google Scholar 

  11. Camion, P., Carlet, C., Charpin, P., Sendrier, N.: On Correlation-immune Functions. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 86–100. Springer, Heidelberg (1992)

    Google Scholar 

  12. Courtois, N.: Feistel Schemes and Bi-Linear Cryptanalysis. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 23–40. Springer, Heidelberg (2004)

    Google Scholar 

  13. Courtois, N.T.: Higher Order Correlation Attacks, XL Algorithm and Cryptanalysis of Toyocrypt. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 182–199. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  14. Courtois, N., Meier, W.: Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  15. Courtois, N.T.: Fast Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 176–194. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  16. Courtois, N.T.: Algebraic Attacks on Combiners with Memory and Several Outputs. In: Park, C.-s., Chee, S. (eds.) ICISC 2004. LNCS, vol. 3506, pp. 3–20. Springer, Heidelberg (2005), Extended version available on: http://eprint.iacr.org/2003/125/

    Chapter  Google Scholar 

  17. Courtois, N.: The security of Hidden Field Equations (HFE). In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 266–281. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  18. Courtois, N.T., Pieprzyk, J.: Cryptanalysis of Block Ciphers with Overdefined Systems of Equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002) (preprint with a different version of the attack) Available at: http://eprint.iacr.org/2002/044/

    Chapter  Google Scholar 

  19. Courtois, N., Castagnos, G., Goubin, L.: What do DES S-boxes Say to Each Other? Available on: http://eprint.iacr.org/2003/184/

  20. Courtois, N.T.: The Inverse S-Box, Non-linear Polynomial Relations and Cryptanalysis of Block Ciphers. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2005. LNCS, vol. 3373, pp. 170–188. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  21. Courtois, N.T.: General Principles of Algebraic Attacks and New Design Criteria for Cipher Components. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2005. LNCS, vol. 3373, pp. 67–83. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  22. Daemen, J., Rijmen, V.: AES proposal: Rijndael, The latest revised version of the proposal is available on the Internet, http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf

  23. Dobbertin, H.: One-to-One Highly Nonlinear Power Functions on GF(2n). Appl. Algebra Eng. Commun. Comput. 9(2), 139–152 (1998)

    Article  MATH  MathSciNet  Google Scholar 

  24. Dobbertin, H.: Almost perfect nonlinear power functions on GF(2n): the Welch case. IEEE Transactions on Information Theory 45(4), 1271–1275 (1999)

    Article  MATH  MathSciNet  Google Scholar 

  25. Dobbertin, H.: Almost perfect nonlinear power functions on GF(2n): the Niho case. Information and Computation 151, 57–72 (1998)

    Article  MathSciNet  Google Scholar 

  26. Golic, J.Dj.: On the Security of Nonlinear Filter Generators. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 173–188. Springer, Heidelberg (1996)

    Google Scholar 

  27. Gold, R.: Maximal recursive sequences with 3-valued recursive crosscorrelation functions. IEEE Transactions on Information Theory 14, 154–156 (1968)

    Article  MATH  Google Scholar 

  28. Jakobsen, T.: Cryptanalysis of Block Ciphers with Probabilistic Non-linear Relations of Low Degree. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 212–222. Springer, Heidelberg (1998)

    Google Scholar 

  29. Jakobsen, T., Knudsen, L.R.: The Interpolation Attack on Block Ciphers. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 28–40. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  30. Faugère, J.-C., Joux, A.: Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 44–60. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  31. Kasami, T.: The weight enumerators for several classes of subcodes of the second order binary Reed-Muller codes. Information and Control 18, 369–394 (1971)

    Article  MATH  MathSciNet  Google Scholar 

  32. Meier, W., Pasalic, E., Carlet, C.: Algebraic Attacks and Decomposition of Boolean Functions. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 474–491. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  33. Murphy, S., Robshaw, M.J.B.: Essential Algebraic Structure within the AES. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 1. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  34. Murphy, S., Robshaw, M.: An analysis of the XSL attack and it’s impact on the security of AES, Nessie report, https://www.cosic.esat.kuleuven.ac.be/nessie/reports/phase2/Xslbes8_Ness.pdf

  35. Nyberg, K., Knudsen, L.R.: Provable security against differential cryptanalysis. In: Tanguiane, A.S. (ed.) Artificial Perception and Music Recognition. LNCS, vol. 746, pp. 566–574. Springer, Heidelberg (1993)

    Google Scholar 

  36. Patarin, J.: Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt 1988. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)

    Google Scholar 

  37. Patarin, J.: Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): two new families of Asymmetric Algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996), The extended version can be found at http://www.minrank.org/hfe.ps

    Google Scholar 

  38. Pieprzyk, J.: On bent premutations, Technical Report CS 91/11; The University of New South Wales, Australia

    Google Scholar 

  39. Courtois, N.T., Klimov, A.B., Patarin, J., Shamir, A.: Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  40. Shannon, C.E.: Communication theory of secrecy systems. Bell System Technical Journal 28, 704 (1949)

    Google Scholar 

  41. Strassen, V.: Gaussian Elimination is Not Optimal. Numerische Mathematik 13, 354–356 (1969)

    Article  MATH  MathSciNet  Google Scholar 

  42. Youssef, A.M., Gong, G.: Hyper-bent functions. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 406–419. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Axalto Cryptographic Research & Advanced Security, 36-38 rue de la Princesse, BP 45, F-78430 Cedex, Louveciennes, France

    Nicolas T. Courtois & Blandine Debraize

  2. Versailles University, 45 avenue des États-Unis, 78035 Cedex, Versailles, France

    Blandine Debraize

  3. Thales Communications, 160 bd de Valmy, BP 82, 92704 Cedex, Colombes, France

    Eric Garrido

Authors
  1. Nicolas T. Courtois
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Blandine Debraize
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Eric Garrido
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Information Technology, Deakin University,  

    Lynn Margaret Batten

  2. Department of Computer Science, University of Calgary, T2N 1N4, Calgary,  

    Reihaneh Safavi-Naini

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Courtois, N.T., Debraize, B., Garrido, E. (2006). On Exact Algebraic [Non-]Immunity of S-Boxes Based on Power Functions. In: Batten, L.M., Safavi-Naini, R. (eds) Information Security and Privacy. ACISP 2006. Lecture Notes in Computer Science, vol 4058. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11780656_7

Download citation

  • DOI: https://doi.org/10.1007/11780656_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-35458-1

  • Online ISBN: 978-3-540-35459-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation