International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: Obtaining and solving systems of equations in key variables only for the small variants of AES

Authors:
Stanislav Bulygin
Michael Brickenstein
Download:
URL: http://eprint.iacr.org/2008/435
Search ePrint
Search Google
Abstract: This work is devoted to attacking the small scale variants of the Advanced Encryption Standard (AES) via systems that contain only the initial key variables. To this end, we introduce a system of equations that naturally arises in the AES, and then eliminate all the intermediate variables via normal form reductions. The resulting system in key variables only is solved then. We also consider a possibility to apply our method in the meet-in-the-middle scenario especially with several plaintext/ciphertext pairs. We elaborate on the method further by looking for subsystems which contain fewer variables and are overdetermined, thus facilitating solving the large system.
BibTeX
@misc{eprint-2008-18169,
  title={Obtaining and solving systems of equations in key variables only for the small variants of AES},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / AES, block ciphers, boolean functions, cryptanalysis, implementation},
  url={http://eprint.iacr.org/2008/435},
  note={ bulygin@mathematik.uni-kl.de 14161 received 9 Oct 2008},
  author={Stanislav Bulygin and Michael Brickenstein},
  year=2008
}