Towards Efficient Algorithms in Algebraic Cryptanalysis

Many problems, algebraic cryptanalysis among them, can be transformed into the problem of solving a (large) system of sparse Boolean equations. In this article we study two algorithms that can be used to remove redundancy from such a system: Agreeing and the Syllogism method. Combined with an appropriate guessing strategy, these methods can be used to solve the whole system. We show that a phase transition occurs in the initial reduction of a randomly generated system: when the number of partial solutions in each equation is binomially distributed, each candidate assignment to the equation's variables being a partial solution with probability p, the number of partial solutions remaining after the initial reduction is very low for p below some threshold p_t, whereas for p > p_t the reduction happens only with quickly diminishing probability.
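
The following Python is an added example, not code from the paper. It implements the Agreeing procedure as Raddum and Semaev define it (an equation is a set of variables together with the partial assignments it allows; two equations agree when their projections onto the shared variables coincide, and every partial solution whose projection does not occur in the other equation is deleted), iterates it to a fixpoint, couples it with the most naive guessing strategy (fix one free variable, agree again, backtrack on contradiction), and generates systems under the random model of the abstract so that the survival fraction can be swept over p. The function names, the toy systems and the parameter choices are my own; the Syllogism method is not implemented here.

```python
"""Agreeing on sparse Boolean equation systems (added example, not the paper's code).
An equation is (vars, sols): a tuple of variable indices and a set of bit-tuples,
each one a partial solution the equation allows."""
from itertools import product
import random


def project(vars_a, sol, common):
    """Restrict a partial solution over vars_a to the variables in `common`."""
    pos = {v: i for i, v in enumerate(vars_a)}
    return tuple(sol[pos[v]] for v in common)


def agree_pair(sym_a, sym_b):
    """One Agreeing step: drop partial solutions whose projection onto the shared
    variables occurs in no partial solution of the other equation."""
    vars_a, sols_a = sym_a
    vars_b, sols_b = sym_b
    common = tuple(v for v in vars_a if v in vars_b)
    if not common:
        return sym_a, sym_b, False
    keep = ({project(vars_a, s, common) for s in sols_a}
            & {project(vars_b, s, common) for s in sols_b})
    new_a = {s for s in sols_a if project(vars_a, s, common) in keep}
    new_b = {s for s in sols_b if project(vars_b, s, common) in keep}
    changed = len(new_a) != len(sols_a) or len(new_b) != len(sols_b)
    return (vars_a, new_a), (vars_b, new_b), changed


def agreeing(system):
    """Apply agree_pair to every pair until nothing changes (fixpoint)."""
    system = [(vs, set(sols)) for vs, sols in system]
    changed = True
    while changed:
        changed = False
        for i in range(len(system)):
            for j in range(i + 1, len(system)):
                a, b, c = agree_pair(system[i], system[j])
                if c:
                    system[i], system[j], changed = a, b, True
    return system


def is_inconsistent(system):
    """An equation with no partial solution left proves the system unsolvable."""
    return any(not sols for _, sols in system)


def solve(system, n_vars):
    """Agreeing plus naive guessing; returns one solution as a bit-tuple or None."""
    reduced = agreeing(system)
    if is_inconsistent(reduced):
        return None
    fixed = {}
    for vs, sols in reduced:
        for i, v in enumerate(vs):
            vals = {s[i] for s in sols}
            if len(vals) == 1:  # after agreeing this value is uniform across equations
                fixed[v] = next(iter(vals))
    free = [v for v in range(n_vars) if v not in fixed]
    if not free:
        return tuple(fixed[v] for v in range(n_vars))
    for guess in (0, 1):  # a guess is just a one-variable equation
        result = solve(reduced + [((free[0],), {(guess,)})], n_vars)
        if result is not None:
            return result
    return None


def random_system(n_vars, n_eqs, k, p, rng):
    """Random model of the abstract: k variables per equation, each of the 2^k
    assignments kept with probability p, so the count is Binomial(2^k, p)."""
    system = []
    for _ in range(n_eqs):
        vs = tuple(sorted(rng.sample(range(n_vars), k)))
        sols = {t for t in product((0, 1), repeat=k) if rng.random() < p}
        system.append((vs, sols))
    return system


def total_partial_solutions(system):
    return sum(len(sols) for _, sols in system)


def survival_fraction(n_vars, n_eqs, k, p, trials=20, seed=1):
    """Mean fraction of partial solutions surviving the initial Agreeing reduction."""
    rng = random.Random(seed)
    fractions = []
    for _ in range(trials):
        system = random_system(n_vars, n_eqs, k, p, rng)
        before = total_partial_solutions(system)
        after = total_partial_solutions(agreeing(system)) if before else 0
        fractions.append(after / before if before else 0.0)
    return sum(fractions) / len(fractions)


# Constructed toy systems over x0, x1, x2 (my own, for illustration).
# TOY:  x0 == x1,  x2 == 1,  x0 -> x2   (solutions 001 and 111)
TOY = [((0, 1), {(0, 0), (1, 1)}),
       ((1, 2), {(0, 1), (1, 1)}),
       ((0, 2), {(0, 0), (0, 1), (1, 1)})]
# TOY_UNSAT:  x0 == x1,  x1 != x2,  x0 == x2 == 0   (contradictory)
TOY_UNSAT = [((0, 1), {(0, 0), (1, 1)}),
             ((1, 2), {(0, 1), (1, 0)}),
             ((0, 2), {(0, 0)})]

if __name__ == "__main__":
    print(agreeing(TOY))                       # third equation shrinks to 2 tuples
    print(solve(TOY, 3), solve(TOY_UNSAT, 3))  # (0, 0, 1) None
    for p in (0.1, 0.3, 0.5, 0.7, 0.9):
        print(p, round(survival_fraction(30, 60, 4, p), 3))
```

On TOY, Agreeing alone removes the partial solution (0, 0) of the third equation but leaves two candidates in every equation, which is exactly the situation the abstract's guessing step exists for; on TOY_UNSAT the projections on x1 become disjoint and every equation empties, so the contradiction is detected without any guess. The sweep over p in the last lines is the experiment behind the phase-transition claim: for small p the few partial solutions per equation rarely agree with their neighbours and the system collapses, while for large p almost every projection is present on both sides and nothing is removed.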
