On the Interpolation Attacks on Block Ciphers

  • A. M. Youssef
  • G. Gong
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1978)


The complexity of interpolation attacks on block ciphers depends on the degree of the polynomial approximation and/or on the number of terms in the polynomial approximation expression. In some situations, the round function or the S-boxes of the block cipher are expressed explicitly in terms of an algebraic function, yet on many other occasions the S-boxes are expressed in terms of their Boolean function representation. In this case, the cryptanalyst has to evaluate the algebraic description of the S-boxes or the round function using the Lagrange interpolation formula. A natural question is what effect the choice of the irreducible polynomial used to construct the finite field has on the degree of the resulting polynomial. Another question is whether or not there exists a simple linear transformation on the input or output bits of the S-boxes (or the round function) such that the resulting polynomial has a lower degree or a smaller number of non-zero coefficients. In this paper we give an answer to these questions. We also present an explicit relation between the Lagrange interpolation formula and the Galois Field Fourier Transform.


Keywords: block cipher, cryptanalysis, interpolation attack, finite fields, Galois Field Fourier Transform
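The first question in the abstract can be tried out on a toy case. The following is an added example, not code or results from the paper: it interpolates one 4-bit S-box table over GF(2^4) built with two different irreducible polynomials and compares the resulting polynomials. The S-box, the two field polynomials and all function names are assumptions chosen for illustration.

```python
# Added illustration; the S-box and both field polynomials are constructed here.
N, Q = 4, 16
POLY_A = 0x13  # x^4 + x + 1
POLY_B = 0x19  # x^4 + x^3 + 1

def gf_mul(a, b, mod):
    """Multiply in GF(2^4) = GF(2)[x]/(mod)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a >> N:          # degree reached 4: reduce by the field polynomial
            a ^= mod
        b >>= 1
    return r

def gf_pow(a, e, mod):
    r = 1                   # convention 0^0 = 1
    while e:
        if e & 1:
            r = gf_mul(r, a, mod)
        a = gf_mul(a, a, mod)
        e >>= 1
    return r

def interpolate(table, mod):
    """Lagrange interpolation f(x) = sum_a f(a) * (1 + (x + a)^(Q-1)).
    In characteristic 2 every binomial C(Q-1, i) is odd, so
    c_0 = f(0) and c_i = sum_a f(a) * a^(Q-1-i) for i >= 1."""
    coeffs = {0: table[0]} if table[0] else {}
    for i in range(1, Q):
        c = 0
        for a in range(Q):
            c ^= gf_mul(table[a], gf_pow(a, Q - 1 - i, mod), mod)
        if c:
            coeffs[i] = c
    return coeffs           # {exponent: non-zero coefficient}

def evaluate(coeffs, x, mod):
    y = 0
    for e, c in coeffs.items():
        y ^= gf_mul(c, gf_pow(x, e, mod), mod)
    return y

# Constructed S-box: inversion (x^14) under POLY_A, kept as a 4-bit lookup table.
SBOX = [gf_pow(a, 14, POLY_A) for a in range(Q)]
TERMS_A = interpolate(SBOX, POLY_A)   # same table, field built with POLY_A
TERMS_B = interpolate(SBOX, POLY_B)   # same table, field built with POLY_B

if __name__ == "__main__":
    for name, terms in (("x^4+x+1", TERMS_A), ("x^4+x^3+1", TERMS_B)):
        print(name, "terms:", len(terms), "degree:", max(terms), terms)
```

Under the field the table was built in, the interpolation collapses to the single monomial x^14; under the other field the same table needs several terms, while the largest binary weight among the exponents (the algebraic degree) stays at 3.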



Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • A. M. Youssef
  • G. Gong

Center for Applied Cryptographic Research, Department of Combinatorics and Optimization, University of Waterloo, Waterloo
