ElimLin Algorithm Revisited

ElimLin is a simple algorithm for solving systems of multivariate polynomial equations over small finite fields. It was initially proposed by Courtois as a stand-alone tool to attack DES. It can reveal hidden linear equations that exist in the ideal generated by the system. We report a number of key theorems on ElimLin. Our main result characterizes ElimLin in terms of a sequence of intersections of vector spaces. It implies that the linear space generated by ElimLin is invariant with respect to any variable ordering during elimination and substitution. This can be seen as surprising, given that the algorithm eliminates variables. On the contrary, monomial ordering is a crucial factor in Gröbner basis algorithms such as F4. Moreover, we prove that the result of ElimLin is invariant with respect to any affine bijective variable change. Analyzing an overdefined dense system of equations, we argue that certain restrictions must be satisfied for ElimLin to obtain more linear equations in the succeeding iteration. Finally, we compare the security of the LBlock and MIBS block ciphers with respect to algebraic attacks, and we propose several attacks on Courtois Toy Cipher version 2 (CTC2) with distinct parameters using ElimLin.
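The algorithm the abstract describes, as an added toy example that is not the paper's code or the authors' implementation: ElimLin over GF(2) finds every linear polynomial in the linear span of the system by Gaussian elimination with the nonlinear monomials as the leading pivot columns, solves each linear equation for one variable, substitutes it away, and iterates until no new linear equation appears. The system SYSTEM, the variable orderings and all function names below are constructed for this illustration. Running it with two opposite variable orderings produces different linear equations whose span is the same, which is the ordering-invariance property the abstract states; the toy system only exhibits it, the abstract's theorem is the general claim.

```python
"""Toy ElimLin over GF(2): an added illustration, not the paper's implementation.
A polynomial is a frozenset of monomials, a monomial a frozenset of variable
indices (empty = constant 1); addition is XOR, multiplication uses x*x = x."""

ONE = frozenset()

def poly(*monomials):
    """Polynomial from distinct monomials written as tuples of variable indices."""
    return frozenset(frozenset(m) for m in monomials)

def add(p, q):
    return p ^ q

def mul(p, q):
    out = set()
    for a in p:
        for b in q:
            out ^= {a | b}
    return frozenset(out)

def substitute(p, var, value):
    """Replace variable `var` by the polynomial `value` everywhere in p."""
    out = frozenset()
    for m in p:
        term = mul(frozenset({m - {var}}), value) if var in m else frozenset({m})
        out = add(out, term)
    return out

def evaluate(p, values):
    """Evaluate p at a 0/1 vector indexed by variable number."""
    return sum(all(values[v] for v in m) for m in p) % 2

def linear_span(polys, order):
    """Reduced basis of the linear polynomials lying in span(polys).
    Gaussian elimination with nonlinear monomials as the first pivot columns,
    then the variables in `order`, then the constant: a row whose pivot is a
    variable contains no nonlinear monomial, and those rows form a basis of
    span(polys) intersected with the linear polynomials."""
    rank = {}
    nonlinear = {m for p in polys for m in p if len(m) > 1}
    for m in sorted(nonlinear, key=sorted):
        rank[m] = len(rank)
    for v in order:  # `order` must list every variable occurring in polys
        rank[frozenset({v})] = len(rank)
    rank[ONE] = len(rank)
    basis = {}  # pivot monomial -> row
    for p in polys:
        while p:
            lm = min(p, key=rank.get)
            if lm not in basis:
                basis[lm] = p
                break
            p = add(p, basis[lm])
    if ONE in basis:
        raise ValueError("inconsistent system: 1 = 0 lies in its span")
    linear = {lm: row for lm, row in basis.items() if len(lm) == 1}
    for lm in sorted(linear, key=rank.get, reverse=True):  # back-substitution
        for k in linear:
            if k != lm and lm in linear[k]:
                linear[k] = add(linear[k], linear[lm])
    return [linear[k] for k in sorted(linear, key=rank.get)]

def elimlin(system, order):
    """ElimLin: repeat {find linear equations in the span, substitute them away}.
    Returns (all linear equations found, residual system); `order` picks the
    variable each linear equation is solved for."""
    system = [frozenset(p) for p in system]
    found = []
    while True:
        lin = linear_span(system, order)
        if not lin:
            return found, [p for p in system if p]
        found.extend(lin)
        for eq in lin:
            var = min((v for m in eq if len(m) == 1 for v in m), key=order.index)
            value = add(eq, frozenset({frozenset({var})}))  # eq = 0 <=> var = value
            system = [substitute(p, var, value) for p in system]

def solution(linear_eqs, nvars):
    """If the linear equations fix every variable, return the 0/1 solution vector."""
    basis = linear_span(linear_eqs, list(range(nvars)))
    if len(basis) != nvars:
        return None
    vals = {}
    for row in basis:  # reduced, every variable a pivot: row is x_i or x_i + 1
        (var,) = [v for m in row if m for v in m]
        vals[var] = 1 if ONE in row else 0
    return [vals[i] for i in range(nvars)]

# Constructed toy system in x0..x3 with solution (1, 0, 1, 1); not from the paper.
SYSTEM = [
    poly((0, 1), (2,), (3,)),        # x0x1 + x2 + x3
    poly((0, 1), (0,), ()),          # x0x1 + x0 + 1
    poly((1, 2), (3,), ()),          # x1x2 + x3 + 1
    poly((1, 2), (1,), (2,), (3,)),  # x1x2 + x1 + x2 + x3
    poly((0, 3), (1,), ()),          # x0x3 + x1 + 1
    poly((2, 3), (0,), (1,)),        # x2x3 + x0 + x1
]
```

`elimlin(SYSTEM, [0, 1, 2, 3])` and `elimlin(SYSTEM, [3, 2, 1, 0])` each return four linear equations, and the lists differ because each ordering solves the first-round equations for different variables; reducing either list with `linear_span` under one fixed variable order gives the same basis, and `solution()` recovers the designed assignment. Gröbner basis algorithms such as F4, by contrast, depend on the monomial order chosen in the analogue of the `rank` table.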
