On the Efficiency of Solving Boolean Polynomial Systems with the Characteristic Set Method

Abstract An improved characteristic set algorithm for solving Boolean polynomial systems is proposed. The algorithm is based on the idea of converting all the polynomials into monic ones by zero decomposition and using additions to obtain pseudo-remainders. Three important techniques are applied in the algorithm. The first is eliminating variables by newly generated linear polynomials. The second is optimizing the strategy for choosing the polynomial used for zero decomposition. The third is computing add-remainders to eliminate the leading variables of newly generated monic polynomials. By analyzing the depth of the zero decomposition tree, we present complexity bounds for this algorithm that are lower than those of previous characteristic set algorithms. Extensive experimental results show that the new algorithm is more efficient than previous characteristic set algorithms for solving Boolean polynomial systems.
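The two core operations the abstract names, zero decomposition into monic polynomials and add-remainders that cancel a shared leading variable, are easiest to see on a tiny system. The following is an added illustration written for this page; it is not the paper's implementation and omits the paper's three optimizations (linear-polynomial elimination, the decomposition choice strategy, and the complexity analysis). It assumes the standard Boolean zero-decomposition identity for a polynomial P = I·x_c + U with leading variable x_c: Zero(P) = Zero({I + 1, x_c + U}) ∪ Zero({I, U}). Polynomials are stored in algebraic normal form; the `parse`, `solve` and `brute_force` helpers are this example's own names.

```python
"""
Toy characteristic set solver over F2[x1..xn]/(xi^2 + xi) (added example, not
the paper's code).  A polynomial is a frozenset of monomials; a monomial is a
frozenset of variable indices, with frozenset() standing for the constant 1.
Addition is XOR of monomial sets, so x1 + x1 = 0 falls out automatically.
"""
from itertools import product

ZERO = frozenset()
ONE = frozenset({frozenset()})


def add(p, q):
    """Sum of two Boolean polynomials (symmetric difference of monomial sets)."""
    return p ^ q


def var(i):
    """The polynomial x_i."""
    return frozenset({frozenset({i})})


def cls(p):
    """Leading variable of p: the largest index occurring in it (0 for constants)."""
    return max((max(m) for m in p if m), default=0)


def split(p):
    """Write p = I * x_c + U with c = cls(p); returns (c, I, U)."""
    c = cls(p)
    initial = frozenset(m - {c} for m in p if c in m)
    tail = frozenset(m for m in p if c not in m)
    return c, initial, tail


def is_monic(p):
    """p is monic when its initial I is exactly the constant 1."""
    c, initial, _ = split(p)
    return c > 0 and initial == ONE


def parse(s):
    """Parse text such as 'x1*x2 + x3 + 1' into a polynomial (constructed helper)."""
    p = ZERO
    for term in s.replace(" ", "").split("+"):
        mono = frozenset() if term == "1" else frozenset(int(v[1:]) for v in term.split("*"))
        p = add(p, frozenset({mono}))
    return p


def evaluate(p, val):
    """Evaluate p at the assignment val (dict index -> bit)."""
    return sum(all(val[i] for i in m) for m in p) % 2


def solve(polys, n):
    """All common zeros of polys in n variables, as sorted tuples of bits."""
    polys = {p for p in polys if p != ZERO}
    if ONE in polys:                      # 1 = 0 is inconsistent: this branch is empty
        return []
    # Step 1: zero decomposition.  A non-monic P = I*x_c + U splits on its initial:
    # I = 1 turns P into the monic x_c + U, I = 0 turns P into U.
    for p in polys:
        if cls(p) > 0 and not is_monic(p):
            c, initial, tail = split(p)
            rest = polys - {p}
            branch1 = rest | {add(initial, ONE), add(var(c), tail)}
            branch2 = rest | {initial, tail}
            return sorted(set(solve(branch1, n)) | set(solve(branch2, n)))
    # Step 2: all polynomials are monic.  Two of them sharing a leading variable,
    # x_c + U1 and x_c + U2, are replaced by the add-remainder U1 + U2, which has
    # a strictly smaller leading variable (this is the "pseudo-remainder by addition").
    by_class = {}
    for p in polys:
        c = cls(p)
        if c in by_class:
            return solve((polys - {p}) | {add(p, by_class[c])}, n)
        by_class[c] = p
    # Step 3: one monic polynomial per class is a triangular set x_c = U_c(x_1..x_{c-1});
    # enumerate the free variables and back-substitute in increasing order.
    free = [i for i in range(1, n + 1) if i not in by_class]
    sols = []
    for bits in product((0, 1), repeat=len(free)):
        val = dict(zip(free, bits))
        for c in sorted(by_class):
            val[c] = evaluate(split(by_class[c])[2], val)
        sols.append(tuple(val[i] for i in range(1, n + 1)))
    return sorted(sols)


def brute_force(polys, n):
    """Exhaustive search, used only to cross-check solve() on small instances."""
    return [bits for bits in product((0, 1), repeat=n)
            if all(evaluate(p, dict(zip(range(1, n + 1), bits))) == 0 for p in polys)]


if __name__ == "__main__":
    # Constructed sample system: x1*x2 + x3 = 0, x1 + x2 + 1 = 0, x2*x3 + x1 = 0.
    system = [parse("x1*x2 + x3"), parse("x1 + x2 + 1"), parse("x2*x3 + x1")]
    print(solve(system, 3))  # [(0, 1, 0)]
```

In the sample system the third polynomial has initial x2, so the solver branches on x2 = 1 and x2 = 0; in the first branch two monic polynomials with leading variable x3 collide and their add-remainder x1·x2 + x1 is non-monic, which triggers a second decomposition. The number of such branches is the depth of the zero decomposition tree that the abstract's complexity bounds are stated in terms of, and the optimizations the paper adds (substituting newly found linear polynomials, choosing which polynomial to decompose) exist precisely to keep that tree shallow.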
