Institutional Research Information Service
UCL Logo
Please report any queries concerning the funding data grouped in the sections named "Externally Awarded" or "Internally Disbursed" (shown on the profile page) to your Research Finance Administrator. Your can find your Research Finance Administrator at https://www.ucl.ac.uk/finance/research/rs-contacts.php by entering your department
Please report any queries concerning the student data shown on the profile page to:

Email: portico-services@ucl.ac.uk

Help Desk: http://www.ucl.ac.uk/ras/portico/helpdesk
Publication Detail
On Exact Algebraic [Non-]Immunity of S-boxes Based on Power Functions
  • Publication Type:
  • Authors:
    Courtois N, Debraize B, Garrido E
  • Publisher:
  • Publication date:
  • Place of publication:
    Berlin / Heidelberg, Germany
  • Pagination:
    76, 86
  • Published proceedings:
    Information Security and Privacy: 11th Australasian Conference, ACISP 2006, Melbourne, Australia, July 3-5, 2006: Proceedings
  • Volume:
  • Series:
    Lecture Notes in Computer Science
  • Editors:
    Batten LM,Safavi-Naini R
  • ISBN-13:
  • Status:
  • Language:
  • Keywords:
    Boolean Functions, Algebraic Attacks on Block and Stream Ciphers, Low Degree Algebraic I/O Relations
In this paper we are interested in algebraic immunity of several well known highly-nonlinear vectorial Boolean functions (or S-boxes), designed for block and stream ciphers. Unfortunately, ciphers that use such S-boxes may still be vulnerable to so called “algebraic attacks” proposed recently by Courtois, Pieprzyk, Meier, Armknecht, et al. These attacks are not always feasible in practice but are in general very powerful. They become possible, if we regard the S-boxes, no longer as highly-nonlinear functions of their inputs, but rather exhibit (and exploit) much simpler algebraic equations, that involve both input and the output bits. Instead of complex and “explicit” Boolean functions we have then simple and “implicit” algebraic relations that can be combined to fully describe the secret key of the system. In this paper we look at the number and the type of relations that do exist for several well known components. We wish to correct or/and complete several inexact results on this topic that were presented at FSE 2004. We also wish to bring a theoretical contribution. One of the main problems in the area of algebraic attacks is to prove that some systems of equations (derived from some more fundamental equations), are still linearly independent. We give a complete proof that the number of linearly independent equations for the Rijndael S-box (derived from the basic equation XY = 1) is indeed as reported by Courtois and Pieprzyk. It seems that nobody has so far proven this fundamental statement.
Publication data is maintained in RPS. Visit https://rps.ucl.ac.uk
 More search options
There are no UCL People associated with this publication
University College London - Gower Street - London - WC1E 6BT Tel:+44 (0)20 7679 2000

© UCL 1999–2011

Search by