Advertisement

Designs, Codes and Cryptography

, Volume 49, Issue 1–3, pp 147–160 | Cite as

Solving Multiple Right Hand Sides linear equations

  • Håvard Raddum
  • Igor Semaev
Article

Abstract

A new method for solving algebraic equation systems common in cryptanalysis is proposed. Our method differs from the others in that the equations are not represented as multivariate polynomials, but as a system of Multiple Right Hand Sides linear equations. The method was tested on scaled versions of the AES. The results overcome significantly what was previously achieved with Gröbner Basis related algorithms.

AMS Classifications

68W30 11T71 13–04 

Keywords

Multiple Right Hand Sides linear equations Algebraic attacks AES 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bard G., Courtois N., Jefferson C.: Efficient methods for conversion and solution of sparse systems of low-degree multivariate polynomials over GF(2) via SAT-solvers. Cryptology ePrint Archive, 2007/024, 25 January (2007).Google Scholar
  2. 2.
    Cheon J.H., Lee D.H.: Resistance of S-Boxes against Algebraic Attacks. In: Fast Software Encryption 2004, LNCS 3017, pp. 83–94. Springer-Verlag (2004).Google Scholar
  3. 3.
    Cid C., Murphy S., Robshaw M.: Small scale variants of the AES. In: FSE 2005, LNCS 3557, pp. 145–162. Springer-Verlag (2005).Google Scholar
  4. 4.
    Courtois N.: The security of hidden field equations (HFE). In: CT-RSA 2001, LNCS 2020, pp. 266–281. Springer-Verlag (2001).Google Scholar
  5. 5.
    Courtois N., Pieprzyk J.: Cryptanalysis of block ciphers with overdefined systems of equations. In: Asiacrypt 2002, LNCS 2501, pp. 267–287. Springer-Verlag (2002).Google Scholar
  6. 6.
    Courtois N., Meier W.: Algebraic attacks on stream ciphers with linear feedback. In: Eurocrypt 2003, LNCS 2656, pp. 345–359. Springer-Verlag (2003).Google Scholar
  7. 7.
    Daemen J., Rijmen V.: The design of rijndael; AES—the advanced encryption standard. Springer-Verlag (2002).Google Scholar
  8. 8.
    Faugère J.-C.: A new efficient algorithm for computing Gröbner bases (F4). J. Pure Appl. Algebra 139, 61–88 (1999).MATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Faugère J.-C.: A new efficient algorithm for computing Gröbner bases without reduction to zero (F5). In: Proceedings of ISSAC ’02, pp. 75–83. ACM Press (2002).Google Scholar
  10. 10.
    Raddum H., Semaev I.: New technique for solving sparse equation systems, Ecrypt’s STVL website, January 16th 2006, see also Cryptology ePrint Archive, 2006/475 (2006).Google Scholar
  11. 11.
    Raddum H., Semaev I.: Solving MRHS linear equations. Extended abstract. In: Proceedings of WCC’07, 16-20 Avril 2007, Versailles, France, INRIA, 323–332, Full paper is accepted in Designs, Codes and Cryptography (2007).Google Scholar
  12. 12.
    Shamir A., Patarin J., Courtois N., Klimov A.: Efficient algorithms for solving overdefined systems of multivariate polynomial equations. In: Eurocrypt 2000, LNCS 1807, pp. 392–407. Springer-Verlag (2000).Google Scholar
  13. 13.
    Zakrevskij A., Vasilkova I.: Reducing large systems of Boolean equations. In: 4th International Workshop on Boolean Problems, Freiberg University, September, 21–22 (2000).Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  1. 1.Department of InformaticsUniversity of BergenBergenNorway

Personalised recommendations