Essential Algebraic Structure within the AES

Murphy, Seán; Robshaw, Matthew J. B.

doi:10.1007/3-540-45708-9_1

Cited by 121 publications

(142 citation statements)

References 13 publications

Supporting

Mentioning

139

Contrasting

Order By: Relevance

“…Furthermore, not every property of the embedded cipher is of immediate relevance to the original cipher. Indeed, an example of a weakness of the larger algebraically embedded cipher that does not translate to the original cipher was given in [12]. However our framework allows us to immediately identify some embeddings that inevitably have little cryptanalytical value.…”

Section: Natural Extensions Of Embeddingsmentioning

confidence: 99%

“…The embedding of the AES in a larger cipher called Big Encryption System (BES) was introduced in [12]. The main goal of this construction was to represent the AES within a framework where the cipher could be expressed through simple operations (inversion and affine transformation) in the field F = GF (2 8 ).…”

Section: The Bes Extension Of the Aesmentioning

confidence: 99%

“…The state space algebra of the AES is the algebra A = F 16 , while the state space algebra of the BES is the algebra F 128 (denoted by B). The embedding function for the BES embedding is based on the vector conjugate mapping φ : F → F 8 [12], which maps an element of F to a vector of its eight conjugates. Thus φ is an injective ring homomorphism given by…”

Section: The Bes Extension Of the Aesmentioning

confidence: 99%

“…This leads to a natural mathematical derivation of the extended cryptographic functions of the larger block cipher. To illustrate our approach, we discuss some well-known examples of AES embeddings [1,11,12].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

An Algebraic Framework for Cipher Embeddings

Cid

Murphy

Robshaw

2005

Cryptography and Coding

View full text Add to dashboard Cite

show abstract

Section: Natural Extensions Of Embeddingsmentioning

confidence: 99%

Section: The Bes Extension Of the Aesmentioning

confidence: 99%

Section: The Bes Extension Of the Aesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An Algebraic Framework for Cipher Embeddings

Cid

Murphy

Robshaw

2005

Cryptography and Coding

View full text Add to dashboard Cite

show abstract

“…The first algebraic attack on a block cipher was discussed in [18]. For recent developments in the area of algebraic attacks on block ciphers see [1,2,5,6,15,16]. In [6] Courtois and Pieprzyk showed that AES [8] can be attacked by solving an overdefined system of algebraic equations.…”

Section: Introductionmentioning

confidence: 99%

Algebraic Immunity of S-Boxes Based on Power Mappings: Analysis and Construction

Nawaz

Gupta

Gong

2009

IEEE Trans. Inform. Theory

View full text Add to dashboard Cite

Abstract. The algebraic immunity of an S-box depends on the number and type of linearly independent multivariate equations it satisfies. In this paper techniques are developed to find the number of linearly independent, multivariate, bi-affine and quadratic equations for S-boxes based on power mappings. These techniques can be used to prove the exact number of equations for any class of power mappings. Two algorithms to calculate the number of bi-affine and quadratic equations for any (n, n) S-box based on power mapping are also presented. The time complexity of both algorithms is only O(n 2 ). To design algebraically immune S-boxes four new classes of S-boxes that guarantee zero bi-affine equations and one class of S-boxes that guarantees zero quadratic equations are presented. The algebraic immunity of power mappings based on Kasami, Niho, Dobbertin, Gold, Welch and Inverse exponents are discussed along with other cryptographic properties and several cryptographically strong S-boxes are identified. It is conjectured that a known Kasami like APN power mapping is maximally nonlinear and a known Kasami like maximally nonlinear power mapping is differentially 4-uniform. Finally an open problem to find an (n, n) bijective nonlinear S-box with more than 5n quadratic equations is solved and it is conjectured that the upper bound on this number is n(n−1) 2 .

show abstract

Security

2009

Advanced Wireless Networks

View full text Add to dashboard Cite

authentication. B responds with the enciphered rdc, thereby acknowledging that it has received the key K * , as shown in Table 15.4.Key maintenance includes procedures for key activation, key storage, key replacement, key translation, key recovery, black listing of compromised keys, key deactivation and key deletion. Some of the issues of key maintenance are addressed below.Storage of keying material refers to a key storage facility which provides secure storage of keys for future use, e.g. confidentiality and integrity for secret keying material, or integrity for public keys. Secret keying material must be protected by physical security (e.g. by storing it within a cryptographic device) or enciphered by keys that have physical security. For all keying material, unauthorized modification must be detectable by suitable authentication mechanisms.Key archival refers to procedures by which keys for notarization or nonrepudiation services can be securely archived. Archived keys may need to be retrieved at a much later date to prove or disprove certain claims.Key replacement enables parties to securely update their keying material. A key shall be replaced when its compromise is known or suspected. A key shall also be replaced within the time deemed feasible to determine it by an exhaustive attack. A replaced key shall not be reused. The replacement key shall not be a variant or any nonsecret transformation of the original key.Key recovery refers to cryptographic keys which may become lost due to human error, software bugs or hardware malfunction. In communication security, a simple handshake at session initiation can ensure that both entities are using the same key. Also, message authentication techniques can be used for testing that plaintext has been recovered using the proper key. Key authentication techniques permit keys to be validated prior to their use. In the case where a key was lost, it still may be possible to recover that key by searching part of the key space. This approach may be successful, if the number of likely candidates is small enough.Key deletion refers to procedures by which parties are assured of the secure destruction of keys that are no longer needed. Destroying a key means eliminating all records of this key, such that no information remaining after the deletion provides any feasibly usable information about the destroyed key.More information on key management can be found in References [33][34][35][36][37][38][39].

show abstract

Essential Algebraic Structure within the AES

Cited by 121 publications

References 13 publications

An Algebraic Framework for Cipher Embeddings

An Algebraic Framework for Cipher Embeddings

Algebraic Immunity of S-Boxes Based on Power Mappings: Analysis and Construction

Security

Contact Info

Product

Resources

About