Abstract
We consider the problem of finding low-weight multiples of polynomials over binary fields, which arises in stream cipher cryptanalysis and in finite field arithmetic. We first devise memory-efficient algorithms based on recent advances in techniques for solving the knapsack problem. Then, we tune our algorithms using the celebrated Parallel Collision Search (PCS) method to decrease the time cost at the expense of a slight increase in space. Both our memory-efficient and our time-memory trade-off algorithms substantially improve on the state of the art. The gain is, for instance, remarkable for large weights, a situation that occurs when the available keystream is short, e.g. the Bluetooth keystream.
Acknowledgments
I thank the anonymous reviewers of Inscrypt 2021 for their useful remarks and suggestions that substantially improved the quality of the present paper.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
El Aimani, L. (2021). A New Approach for Finding Low-Weight Polynomial Multiples. In: Yu, Y., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2021. Lecture Notes in Computer Science, vol 13007. Springer, Cham. https://doi.org/10.1007/978-3-030-88323-2_8
DOI: https://doi.org/10.1007/978-3-030-88323-2_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-88322-5
Online ISBN: 978-3-030-88323-2