高级数据加密标准的代数攻击方法研究
|
摘要
分组密码设计技术能够为数据传输提供保密功能良好的加密算法,最具代表性的就是被选作AES的Rijndael算法。密码分析技术能对分组密码的安全性进行理论和实践的论证,代数攻击方法是分组密码的有效攻击方法之一,这种密码分析方法是将密码算法归约成多元高次方程组,并通过代数算法恢复密钥变量和明文。
首先,介绍了Rijndael算法的设计原理和求解大型多元多项式方程组问题的研究进展,特别是近几年来有关于求解超定多元方程组取得的一系列新成果,对Relinearization算法和XL算法的基本思想以及针对不同GF(k)(k>2)域,GF(2)域,GF(2~n)域下的改进版本进行了系统阐述。
然后,研究了针对XSL密码的XSL攻击方法,分析了算法复杂度。引入BES密码,给出了GF(2~8)下的XSL攻击方法,分析了算法复杂度,并给出了代数脆弱性度量,指出求逆S盒的大小与抗代数攻击的关系。
最后,详细研究了Grobner基理论,Buchberger算法及其基于Buchbeger准则的改进Buchberger算法,与Rijndael算法的多变量二次方程组表示方法结合提出了一种基于Grobner基的代数攻击方法,采用一种项序转换算法FGML将次数反字典序转化为字典序,并通过精心设计的项序和方程组解的判定有效降低了攻击复杂度。该算法能够在已知少量明密文对的情况下对密钥进行求解。本文对算法的复杂度进行了分析。引入F4算法,描述了Grobner基与XL算法的关系,XL算法可以表示为一种冗余版本的F4算法。
Blockcipher can provide more secure algorithm in data transfer. The most typical technology is AES,Rijndael algorithm.Block cipher analyzing can prove algorithm security in theory and in practice,the threat of algebraic attacks to common cryptosystems has drawn a lot of attention.Algebraic attacks are attacks in which a cryptosystem is broken(for example the key,the plaintext)by solving a system of multivariate equations over a finite field(e.g.GF(2))that describes the whole cryptosystem.
The thesis introduces design detail of Rijndael and study general methods known for solving overdefined system of algebraic equation such as relinearization algorithm,XL algorithm and XL improved algorithm over GF(k)(k>2),GF(2)and GF(2~n).
Then XSL algorithm on XSL cipher and algorithm complexity are researched.By define BES cipher the author introduce XSL algorithm over GF(2~8).The measure of algebraic vulnerability and relation between the scale of S box and the resistance against the Algebraic attack were discussed.
At last Grobner basis theories are introduced including Buchbeger algorithm,Buchbeger improved algorithm based on Buchbeger criterion. By combining with an extremely sparse overdefined multivariate quadratic system over GF(2)as which Rijndael encryption can be described,a new method of Grobner Basis Attack against block cipher is proposed.By conversion algorithm FGLM,converting degree reverse lexicographic order into lexicographic order,elabrately designed order and solution set judgment,the complexity of Grobner basis attacks can be efficiently reduced.The Grobner basis attack can recover the full cipher key requiring only a minimal number of plaintext/ciphertext pairs. The complexity of Grobner basis attack is analyzed.By F4 algorithm the thesis clarify a relation between the XL algorithm and Grobner basis algorithm.The XL algorithm is also a Grobner basis algorithm that can be represented as a redundant version of a Grobner basis algorithm F4 under the assumption in XL.
首先,介绍了Rijndael算法的设计原理和求解大型多元多项式方程组问题的研究进展,特别是近几年来有关于求解超定多元方程组取得的一系列新成果,对Relinearization算法和XL算法的基本思想以及针对不同GF(k)(k>2)域,GF(2)域,GF(2~n)域下的改进版本进行了系统阐述。
然后,研究了针对XSL密码的XSL攻击方法,分析了算法复杂度。引入BES密码,给出了GF(2~8)下的XSL攻击方法,分析了算法复杂度,并给出了代数脆弱性度量,指出求逆S盒的大小与抗代数攻击的关系。
最后,详细研究了Grobner基理论,Buchberger算法及其基于Buchbeger准则的改进Buchberger算法,与Rijndael算法的多变量二次方程组表示方法结合提出了一种基于Grobner基的代数攻击方法,采用一种项序转换算法FGML将次数反字典序转化为字典序,并通过精心设计的项序和方程组解的判定有效降低了攻击复杂度。该算法能够在已知少量明密文对的情况下对密钥进行求解。本文对算法的复杂度进行了分析。引入F4算法,描述了Grobner基与XL算法的关系,XL算法可以表示为一种冗余版本的F4算法。
Blockcipher can provide more secure algorithm in data transfer. The most typical technology is AES,Rijndael algorithm.Block cipher analyzing can prove algorithm security in theory and in practice,the threat of algebraic attacks to common cryptosystems has drawn a lot of attention.Algebraic attacks are attacks in which a cryptosystem is broken(for example the key,the plaintext)by solving a system of multivariate equations over a finite field(e.g.GF(2))that describes the whole cryptosystem.
The thesis introduces design detail of Rijndael and study general methods known for solving overdefined system of algebraic equation such as relinearization algorithm,XL algorithm and XL improved algorithm over GF(k)(k>2),GF(2)and GF(2~n).
Then XSL algorithm on XSL cipher and algorithm complexity are researched.By define BES cipher the author introduce XSL algorithm over GF(2~8).The measure of algebraic vulnerability and relation between the scale of S box and the resistance against the Algebraic attack were discussed.
At last Grobner basis theories are introduced including Buchbeger algorithm,Buchbeger improved algorithm based on Buchbeger criterion. By combining with an extremely sparse overdefined multivariate quadratic system over GF(2)as which Rijndael encryption can be described,a new method of Grobner Basis Attack against block cipher is proposed.By conversion algorithm FGLM,converting degree reverse lexicographic order into lexicographic order,elabrately designed order and solution set judgment,the complexity of Grobner basis attacks can be efficiently reduced.The Grobner basis attack can recover the full cipher key requiring only a minimal number of plaintext/ciphertext pairs. The complexity of Grobner basis attack is analyzed.By F4 algorithm the thesis clarify a relation between the XL algorithm and Grobner basis algorithm.The XL algorithm is also a Grobner basis algorithm that can be represented as a redundant version of a Grobner basis algorithm F4 under the assumption in XL.
引文
[1]卢开澄.计算机密码学--计算机网络中的数据保密与安全(第三版)[M].北京:清华大学出版社,2003.24-30.
[2]吴文玲,冯登国.分组密码分析与设计[M].北京:清华大学出版社:2000.35-47.
[3]冯登国,吴文玲.密码分析学[M].北京:清华大学出版社:2000.35-47.
[4]M.Heys.,Howard.A Tutorial on Linear and Differential Cryptanalysis[J].Advances in Crptology-Eurocrypt,1994,35(4):22-28.
[5]Jorge Nakahara Jr,Joos Vande Walle and Hae Y.Kim.Sqare attacks on reduced-round PES and IDEA block Ciphers[J].Computer Encrption,1999,31(8):885-894.
[6]Yvo Desmedt,Tri Van Le,Michael Marrotte,Jean-Jacquater Quisquater.Algebraic Structures and Cycling Test of Rijndael[J].journal of IEEE Encrption,1999,13(6):24-30.
[7]Ju-Sung Kang,Seokhie Hong,Sangjin Lee.Practical and Provable Security against Differential and Linear Cryptanalysis for Substution-Permtation Networks[J].Advances in Crptology-Eurocrypt,2000,40(7):157-160.
[8]崔国华,张友明,洪帆.6圈和8圈的DES的改进攻击与实现[J].华中科技大学学报(自然科学版),2003,31(5):17-19.
[9]Jijmen,Joan Daemen Vincent.The Rijndael block cipher Aes Proposal Rijndael[M].NewYork:NIST,1997.36-39
[10]domazet,Haris.Rijndael advanced Encryption Standard[J].IEEE Joural on Selected Areas in Communicatins,1999,17(8):69-75.
[11]王林.Rijndael加密算法中的S-盒的分析[J].西安邮电学院学报,2000,35(3):52-54.
[12]陈勤,周丽.Rijndael分组密码的研究与分析[J].计算机工程与应用,2002,38(13):113-115.
[13]Jung Hee Cheon,Mun.Ju Kim.Impossible differential and Sqare attacks:Cryptanalytic link and application to Skipjack[J].Advances in Crptology-Eurocrypt,2000,40(3):5-9.
[14]Schneirer,Bruce.应用密码学:协议 算法与C源程序[M].北京:机械工 业出版社:2000,379-385.
[15]Elisa Oswald,Joan Daemen,Vincent Rijmen.AES-The State of the Art of Rijndael's Security[J].Dr.Dobb's Journal,1999,24(4):46-51.
[16]E.Biham,A.Biryukov,and A.Shamir.Crptanalysis of skipjack reduced to 31rounds using impossible differential[J].Advances in Crptology-Eurocrypt,1999,39(4):12-23.
[17]Kenji Ohkuma,Hideo Shimizu.Security Assessment of Hierocrypt and Rijndael against the Differential and Linear Cryptanalysis[J].IEEE PIMRC,1999,34(12):256-261.
[18]Jung Hee Cheon,Mun.Ju Kim.Improved Impossible Differential Crptanalysis of Rijndael and Crypton[J].Advances in Crptology-Eurocrypt,2001,41(3):119-122.
[19]sean Murphy,Matt Robshaw.New Observations on rijndael[J].IEEE/ACM Focus,2000,42(3):77-86.
[20]Alfred J.Menezes,Paul C.Van Oorschot,Scott A.Vanstone.Handbook of Applied Cryptography[M].canada:CRC Press,1996.143-159.
[21]Joan Daemen,Vincent Rijmen.AES and the wide trail design staregy[A].Eurocrypt 2002[C].Berlin:Spring-Verlag,2002:108-109.
[22]马虹博,刘连浩.AES的S盒和逆S盒的代数表达式[J].计算机工程,2006,32(18):149-151.
[23]N Courtois,L Goubin,W Meier,Tacier,J.Solving underdefined systems of multivariate quadratic equations[A].Proceedings of Public Key Cryptography 2002,LNCS 2274[C].Springer-Verlag,2002:211-227.
[24]Courtois,Nicolas.The security of Hidden Field Equations(HFE)[A].Cryptographers' Track Rsa Conference 2001[C].San Francisco:Springer-Verlag,8-12 April 2001:266-281.
[25]Patarin,jacques.Genetic Attacks on Feistel Schemes[A].Asiacrypt2001[C].LNCS2248:Springer:222-283.
[26]Faugere,Jean-Charles.Report on a successful attack of HFE Challege 1 with Grobner bases algorithm FS/2[EB/OL].sci.crypt newsgroup.Available,April 19th 2002.
[27]张龙,吴文玲,温巧燕.流密码代数攻击的研究现状及其展望[J].通信学报,2006,27(1):91-98.
[28]肖国镇,白恩健,刘晓娟.AES密码分析的若干新进展[J].电子学报, 2003,31(10):1549-1554.
[29]N Ferguson,R Shroeppel,D Whiting.A simple algebraric representation of Rijndael[A].Proceedings of Selected Areas in Cryptography[C].Las Vegas,USA:Springer-Verlag,2001:103-111.
[30]N Courtois,A Klimov,J Patarin,A Shamir.Efficient algorithms for solving overdefined systems of multivariate polynomial equations[A].Proceedings of Eurocrypt 2000,LNCS 1807[C].Springer-Verlag,2000:392-407.
[31]N Courtois,J Pieprzyk.Cryptanalysis of block ciphers with overdefined systems of equations[A].In Asiacrypt 2002,Volume 2501 of Lecture Notes in Computer Science[C].Springer-Verlag:2002:267-287.
[32]Iyad A.Ajwa,Zhuojun Liu,Paul S.Wang.Grobner Bases Alorithm[EB/OL].Available cm.mcs.kent.edu/reports/1995/gb.pdf,2003.
[33]Nicolas T.Courtois,Blandine Debraize,Eric Garrido.On Exact Algebraic [Non-]Immunity of S-boxes Based on Power Functions[EB/OL].Available http://eprint.iacr.org/2005/203.pdf,2005.
[34]Nyberg,K.Perfect Nonlinear S-boxes[A].Advances in Cryptology-EUROCRYPT'91 Proceedings[C].1991:378-386.
[35]Robshaw,Carlos Cid and Sean Murphy and Matthew.Algebraic Aspects of the Advanced Encryption Standard[M].New York,NY,USA:Springer US,2006.287-296.
[36]S.Murphy,Robshaw,M.J.B.Essential algebraic structure within the AES[A].Advances in Cryrtology-CRYPTO 2002[C].Amsterdam,Netherlands:Springer-Verlag,2002:1-16.
[37]S.Murphy,M.J.B Robshaw.Comments on the Security of the AES and the XSLTechnique[EB/OL].Available http://www.cosic.esat.kuleuven.ac.be /nessie/reports/,2003.
[38]Faugere,Jean-Charles.A new efficient algorithm for computing Grobner bases(F4)[J].Pure and Applied Algebra,1999,139 61-88.
[39]Faugere,Jean-Charles.A new efficient algorithm for computing Grobner bases without reduction to 0 F_5[A].Proceeding of ISSAC[C].ACM press,2002:75-83.
[40]Makoto Sugita,Mitsuru Kawazoe,Hideki Imai.Relation between XL algorithm and Grobner Bases Algorithms[EB/OL].Available http://eprint.iacr.org/2004/112.pdf,2004.
[41]卢开澄.计算机密码学[M].北京:清华大学出版社,1999.151-180.
[42]马虹博.高级加密标准及短分组加密技术应用研究[D]:[硕士学位论文].长沙:中南大学,2006.
[43]刘连浩.高级加密标准及短分组加密技术应用研究[D]:[博士学位论文].中南大学,2006.
[44]Aviad Kipnis,Adi Shamir.Cryptanalysis of the HFE Public Key Cryptosystem[A].Proceedings of Crypto'99[C].Springer-verlag,1999.
[45]Patarin,Nicolas T.Courtois Jacques.About the XL Algorithm over GF(2)[A].CT-RSA[C].2003:141-157.
[46]Bo-Yin Yang,Jiun-Ming Chen.All in XL Family:Theory and practice[A].ICISC 2004[C].Springer-Verlag,2005:67-68.
[47]Chen,B.-Y.Yang and J.-M.Theoretical Analysis of XL over Small Fields[A].ACISP2004[C].LNCS3108,2004:277-288.
[48]N.Courtois.Algebrac Attacks over GF(2~k),Cryptanalysis of HFE Challenge 2and SFLASH[A].PKC'04[C].2004:201-217.
[49]Leurent,Carlos Cid and Gaetan.An Analysis of the XSL Algorithm[A].Lecture Notes in Computer Science[C].:Springer-Verlag,2005:333-352.
[50]Khoo,Chu-Wee Lim and Khoongming.An Anslysis of XSL Applied to BES[A].Fast Software Encryption 2007[C].Lecture Notes in Computer Science:Springer-Verlag,2007:242-253.
[51]Don Coppersmith,Shmuel Winograd.Matrix multication via arithmetic progressions[J].J.Symbolic Computation,1990,9 251-280.
[52]Jacques Patarin,Nicolas Courtois,Louis Goubin.Improved Algorithms for Isomorphism of Polynomials[A].Eurocrypt[C].Springer-Vedag,1998.
[53]何青.计算代数[M].北京:北京师范大学出版社:1997.29-32.
[54]Johannes Buchmann,Andrei Pyshkin,Ralf-Philipp Weinmann.Block ciphers sensitive to Grobner Basis Attacks[A].CT-RSA2006[C].Lecture Note in Computer Science,2006:10-20.
[55]Cid,C.,Murphy,S.,Robshow,M.Small Scale Varants of the AES[A].Fast Software Ecryption,12th International Workshop,FSE2005[C].Paris,France:Lecture Notes in Compter Science,Springer,2005:39-42.
[56]B.Buchberger.Grobner Base:An Algorithmic Method in Polynomial Ideal Theory.In recent Trends in Multidimensional Systems Theory[M].D.Reidel Publishing Company,1986.44-52.
[57]D.Cox,j.Little,and D.O'Shea.Ideals,Varieties,and Algorithms:An Introduction to Computational Algebraic Geometry and Commutative Algebra[J].Springer-verlag,1991,139(34):61-88.
[58]B.Buchberger.A Criterion for Detecting Unnecessary Reductions in the Construction of Grobner Bases[A].Lecture Note in Computer Science[C].Springer-Verlag,1979.84-90.
[59]刘木兰.Grobner基理论及其应用[M].北京:科学出版社,2000.154-160.
[60]D.Cox,j.Little,and D.O'Shea.Using Algebraic Geometry[M].Springer-Verag,1998.
[61]Jean-Charles Faugere,Antoine Joux.Algebraic Cryptanalysis of Hidden Field Equation(HFE)Cryptosystems Using Grobner Bases[A].Advances in Cryptology - CRYPTO 2003[C].Springer-Verlag,2003:44-60.
[62]J.C.Faugere,P.Gianni,D.Lazard,T.Mora.Efficient Computation of Zero-dimensional Grobner Bases by Change of Ordering[J].Journal of Symbolic Computation,1993,16 329-344.
[2]吴文玲,冯登国.分组密码分析与设计[M].北京:清华大学出版社:2000.35-47.
[3]冯登国,吴文玲.密码分析学[M].北京:清华大学出版社:2000.35-47.
[4]M.Heys.,Howard.A Tutorial on Linear and Differential Cryptanalysis[J].Advances in Crptology-Eurocrypt,1994,35(4):22-28.
[5]Jorge Nakahara Jr,Joos Vande Walle and Hae Y.Kim.Sqare attacks on reduced-round PES and IDEA block Ciphers[J].Computer Encrption,1999,31(8):885-894.
[6]Yvo Desmedt,Tri Van Le,Michael Marrotte,Jean-Jacquater Quisquater.Algebraic Structures and Cycling Test of Rijndael[J].journal of IEEE Encrption,1999,13(6):24-30.
[7]Ju-Sung Kang,Seokhie Hong,Sangjin Lee.Practical and Provable Security against Differential and Linear Cryptanalysis for Substution-Permtation Networks[J].Advances in Crptology-Eurocrypt,2000,40(7):157-160.
[8]崔国华,张友明,洪帆.6圈和8圈的DES的改进攻击与实现[J].华中科技大学学报(自然科学版),2003,31(5):17-19.
[9]Jijmen,Joan Daemen Vincent.The Rijndael block cipher Aes Proposal Rijndael[M].NewYork:NIST,1997.36-39
[10]domazet,Haris.Rijndael advanced Encryption Standard[J].IEEE Joural on Selected Areas in Communicatins,1999,17(8):69-75.
[11]王林.Rijndael加密算法中的S-盒的分析[J].西安邮电学院学报,2000,35(3):52-54.
[12]陈勤,周丽.Rijndael分组密码的研究与分析[J].计算机工程与应用,2002,38(13):113-115.
[13]Jung Hee Cheon,Mun.Ju Kim.Impossible differential and Sqare attacks:Cryptanalytic link and application to Skipjack[J].Advances in Crptology-Eurocrypt,2000,40(3):5-9.
[14]Schneirer,Bruce.应用密码学:协议 算法与C源程序[M].北京:机械工 业出版社:2000,379-385.
[15]Elisa Oswald,Joan Daemen,Vincent Rijmen.AES-The State of the Art of Rijndael's Security[J].Dr.Dobb's Journal,1999,24(4):46-51.
[16]E.Biham,A.Biryukov,and A.Shamir.Crptanalysis of skipjack reduced to 31rounds using impossible differential[J].Advances in Crptology-Eurocrypt,1999,39(4):12-23.
[17]Kenji Ohkuma,Hideo Shimizu.Security Assessment of Hierocrypt and Rijndael against the Differential and Linear Cryptanalysis[J].IEEE PIMRC,1999,34(12):256-261.
[18]Jung Hee Cheon,Mun.Ju Kim.Improved Impossible Differential Crptanalysis of Rijndael and Crypton[J].Advances in Crptology-Eurocrypt,2001,41(3):119-122.
[19]sean Murphy,Matt Robshaw.New Observations on rijndael[J].IEEE/ACM Focus,2000,42(3):77-86.
[20]Alfred J.Menezes,Paul C.Van Oorschot,Scott A.Vanstone.Handbook of Applied Cryptography[M].canada:CRC Press,1996.143-159.
[21]Joan Daemen,Vincent Rijmen.AES and the wide trail design staregy[A].Eurocrypt 2002[C].Berlin:Spring-Verlag,2002:108-109.
[22]马虹博,刘连浩.AES的S盒和逆S盒的代数表达式[J].计算机工程,2006,32(18):149-151.
[23]N Courtois,L Goubin,W Meier,Tacier,J.Solving underdefined systems of multivariate quadratic equations[A].Proceedings of Public Key Cryptography 2002,LNCS 2274[C].Springer-Verlag,2002:211-227.
[24]Courtois,Nicolas.The security of Hidden Field Equations(HFE)[A].Cryptographers' Track Rsa Conference 2001[C].San Francisco:Springer-Verlag,8-12 April 2001:266-281.
[25]Patarin,jacques.Genetic Attacks on Feistel Schemes[A].Asiacrypt2001[C].LNCS2248:Springer:222-283.
[26]Faugere,Jean-Charles.Report on a successful attack of HFE Challege 1 with Grobner bases algorithm FS/2[EB/OL].sci.crypt newsgroup.Available,April 19th 2002.
[27]张龙,吴文玲,温巧燕.流密码代数攻击的研究现状及其展望[J].通信学报,2006,27(1):91-98.
[28]肖国镇,白恩健,刘晓娟.AES密码分析的若干新进展[J].电子学报, 2003,31(10):1549-1554.
[29]N Ferguson,R Shroeppel,D Whiting.A simple algebraric representation of Rijndael[A].Proceedings of Selected Areas in Cryptography[C].Las Vegas,USA:Springer-Verlag,2001:103-111.
[30]N Courtois,A Klimov,J Patarin,A Shamir.Efficient algorithms for solving overdefined systems of multivariate polynomial equations[A].Proceedings of Eurocrypt 2000,LNCS 1807[C].Springer-Verlag,2000:392-407.
[31]N Courtois,J Pieprzyk.Cryptanalysis of block ciphers with overdefined systems of equations[A].In Asiacrypt 2002,Volume 2501 of Lecture Notes in Computer Science[C].Springer-Verlag:2002:267-287.
[32]Iyad A.Ajwa,Zhuojun Liu,Paul S.Wang.Grobner Bases Alorithm[EB/OL].Available cm.mcs.kent.edu/reports/1995/gb.pdf,2003.
[33]Nicolas T.Courtois,Blandine Debraize,Eric Garrido.On Exact Algebraic [Non-]Immunity of S-boxes Based on Power Functions[EB/OL].Available http://eprint.iacr.org/2005/203.pdf,2005.
[34]Nyberg,K.Perfect Nonlinear S-boxes[A].Advances in Cryptology-EUROCRYPT'91 Proceedings[C].1991:378-386.
[35]Robshaw,Carlos Cid and Sean Murphy and Matthew.Algebraic Aspects of the Advanced Encryption Standard[M].New York,NY,USA:Springer US,2006.287-296.
[36]S.Murphy,Robshaw,M.J.B.Essential algebraic structure within the AES[A].Advances in Cryrtology-CRYPTO 2002[C].Amsterdam,Netherlands:Springer-Verlag,2002:1-16.
[37]S.Murphy,M.J.B Robshaw.Comments on the Security of the AES and the XSLTechnique[EB/OL].Available http://www.cosic.esat.kuleuven.ac.be /nessie/reports/,2003.
[38]Faugere,Jean-Charles.A new efficient algorithm for computing Grobner bases(F4)[J].Pure and Applied Algebra,1999,139 61-88.
[39]Faugere,Jean-Charles.A new efficient algorithm for computing Grobner bases without reduction to 0 F_5[A].Proceeding of ISSAC[C].ACM press,2002:75-83.
[40]Makoto Sugita,Mitsuru Kawazoe,Hideki Imai.Relation between XL algorithm and Grobner Bases Algorithms[EB/OL].Available http://eprint.iacr.org/2004/112.pdf,2004.
[41]卢开澄.计算机密码学[M].北京:清华大学出版社,1999.151-180.
[42]马虹博.高级加密标准及短分组加密技术应用研究[D]:[硕士学位论文].长沙:中南大学,2006.
[43]刘连浩.高级加密标准及短分组加密技术应用研究[D]:[博士学位论文].中南大学,2006.
[44]Aviad Kipnis,Adi Shamir.Cryptanalysis of the HFE Public Key Cryptosystem[A].Proceedings of Crypto'99[C].Springer-verlag,1999.
[45]Patarin,Nicolas T.Courtois Jacques.About the XL Algorithm over GF(2)[A].CT-RSA[C].2003:141-157.
[46]Bo-Yin Yang,Jiun-Ming Chen.All in XL Family:Theory and practice[A].ICISC 2004[C].Springer-Verlag,2005:67-68.
[47]Chen,B.-Y.Yang and J.-M.Theoretical Analysis of XL over Small Fields[A].ACISP2004[C].LNCS3108,2004:277-288.
[48]N.Courtois.Algebrac Attacks over GF(2~k),Cryptanalysis of HFE Challenge 2and SFLASH[A].PKC'04[C].2004:201-217.
[49]Leurent,Carlos Cid and Gaetan.An Analysis of the XSL Algorithm[A].Lecture Notes in Computer Science[C].:Springer-Verlag,2005:333-352.
[50]Khoo,Chu-Wee Lim and Khoongming.An Anslysis of XSL Applied to BES[A].Fast Software Encryption 2007[C].Lecture Notes in Computer Science:Springer-Verlag,2007:242-253.
[51]Don Coppersmith,Shmuel Winograd.Matrix multication via arithmetic progressions[J].J.Symbolic Computation,1990,9 251-280.
[52]Jacques Patarin,Nicolas Courtois,Louis Goubin.Improved Algorithms for Isomorphism of Polynomials[A].Eurocrypt[C].Springer-Vedag,1998.
[53]何青.计算代数[M].北京:北京师范大学出版社:1997.29-32.
[54]Johannes Buchmann,Andrei Pyshkin,Ralf-Philipp Weinmann.Block ciphers sensitive to Grobner Basis Attacks[A].CT-RSA2006[C].Lecture Note in Computer Science,2006:10-20.
[55]Cid,C.,Murphy,S.,Robshow,M.Small Scale Varants of the AES[A].Fast Software Ecryption,12th International Workshop,FSE2005[C].Paris,France:Lecture Notes in Compter Science,Springer,2005:39-42.
[56]B.Buchberger.Grobner Base:An Algorithmic Method in Polynomial Ideal Theory.In recent Trends in Multidimensional Systems Theory[M].D.Reidel Publishing Company,1986.44-52.
[57]D.Cox,j.Little,and D.O'Shea.Ideals,Varieties,and Algorithms:An Introduction to Computational Algebraic Geometry and Commutative Algebra[J].Springer-verlag,1991,139(34):61-88.
[58]B.Buchberger.A Criterion for Detecting Unnecessary Reductions in the Construction of Grobner Bases[A].Lecture Note in Computer Science[C].Springer-Verlag,1979.84-90.
[59]刘木兰.Grobner基理论及其应用[M].北京:科学出版社,2000.154-160.
[60]D.Cox,j.Little,and D.O'Shea.Using Algebraic Geometry[M].Springer-Verag,1998.
[61]Jean-Charles Faugere,Antoine Joux.Algebraic Cryptanalysis of Hidden Field Equation(HFE)Cryptosystems Using Grobner Bases[A].Advances in Cryptology - CRYPTO 2003[C].Springer-Verlag,2003:44-60.
[62]J.C.Faugere,P.Gianni,D.Lazard,T.Mora.Efficient Computation of Zero-dimensional Grobner Bases by Change of Ordering[J].Journal of Symbolic Computation,1993,16 329-344.