,,Cryptanalysis of Block Ciphers with Overdefined Systems of Equations'' Nicolas Courtois and Josef Pieprzyk http://eprint.iacr.org/2002/044/
Abstract: Several recently proposed ciphers are built with layers of small S-boxes, interconnected by linear key-dependent layers. Their security relies on the fact, that the classical methods of cryptanalysis (e.g. linear or differential attacks) are based on probabilistic characteristics, which makes their security grow exponentially with the number of rounds Nr. In this paper we study the security of such ciphers under an additional hypothesis: the S-box can be described by an overdefined system of algebraic equations (true with probability 1). We show that this hypothesis is true for both Serpent (due to a small size of S-boxes) and Rijndael (due to unexpected algebraic properties). -- Paweł Krawczyk * http://echelon.pl/kravietz/ Krakow, Poland * http://ipsec.pl/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]