General Principles of Algebraic Attacks and New Design Criteria for Cipher Components

This paper is about the design of multivariate public key schemes, as well as block and stream ciphers, in relation to recent attacks that exploit various types of multivariate algebraic relations. We survey these attacks, focusing on their common fundamental principles and on how to avoid them. From this we derive new, very general design criteria that apply to very different cryptographic components. These amount to avoiding (where possible) the existence of algebraic relations that are, in some sense, "too simple". Though many ciphers that do not satisfy this new paradigm probably still remain secure, the design of ciphers will never be the same again.
