A Crossbred Algorithm for Solving Boolean Polynomial Systems

  • Antoine Joux
  • Vanessa Vitse
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10737)

Abstract

We consider the problem of solving multivariate systems of Boolean polynomial equations: starting from a system of m polynomials of degree at most d in n variables, we want to find its solutions over \(\mathbb {F}_2\). Except for \(d=1\), the problem is known to be NP-hard, and its hardness has been used to create public cryptosystems; this motivates the search for faster algorithms to solve this problem. After reviewing the state of the art, we describe a new algorithm and show that it outperforms previously known methods in a wide range of relevant parameters. In particular, the first named author has been able to solve all the Fukuoka Type I MQ challenges, culminating with the resolution of a system of 148 quadratic equations in 74 variables in less than a day (and with a lot of luck).
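The following Python is an added illustration of the problem the abstract defines, not code from the paper and not the authors' crossbred algorithm. It builds a constructed Boolean quadratic system with a planted root and solves it two ways: by naive exhaustive search, and by plain degree-2 linearization (every non-constant monomial treated as an independent unknown, then Gaussian elimination over \(\mathbb{F}_2\)), which is the starting point of the XL family named in the keywords and which only works when the system is sufficiently overdetermined. The parameters n, m and the seed are arbitrary choices made here.

```python
import random
from itertools import combinations

# A monomial is a frozenset of variable indices; frozenset() is the constant 1.
# A polynomial over F2 is the set of monomials with coefficient 1, so addition is
# symmetric difference, and x_i^2 = x_i holds automatically (a set cannot repeat i).


def nonconstant_monomials(n):
    """All degree-1 and degree-2 monomials in n Boolean variables, in a fixed order."""
    return [frozenset([i]) for i in range(n)] + \
           [frozenset(c) for c in combinations(range(n), 2)]


def random_quadratic(n, rng):
    """Uniformly random polynomial of degree <= 2 in n variables over F2."""
    return {m for m in [frozenset()] + nonconstant_monomials(n) if rng.random() < 0.5}


def evaluate(poly, x):
    """Value of poly at the 0/1 vector x, over F2."""
    return sum(all(x[i] for i in m) for m in poly) % 2


def planted_system(n, m, seed=0):
    """Constructed instance: m random quadratics in n variables with a planted root x*.
    Each polynomial's constant term is flipped if needed so that p(x*) = 0."""
    rng = random.Random(seed)
    xstar = tuple(rng.randrange(2) for _ in range(n))
    system = []
    for _ in range(m):
        p = random_quadratic(n, rng)
        if evaluate(p, xstar):
            p = p ^ {frozenset()}
        system.append(p)
    return system, xstar


def solve_exhaustive(system, n):
    """Plain brute force over all 2^n assignments; returns every common root."""
    return [x for x in (tuple((v >> i) & 1 for i in range(n)) for v in range(1 << n))
            if all(evaluate(p, x) == 0 for p in system)]


def solve_linearization(system, n):
    """Degree-2 linearization: treat each non-constant monomial as an independent
    unknown and run Gauss-Jordan elimination over F2.  Succeeds only when the
    linear system has full rank (needs m >= n + n(n-1)/2 generic equations) and
    the recovered x is a genuine root; otherwise returns None."""
    monos = nonconstant_monomials(n)
    col = {mono: j for j, mono in enumerate(monos)}
    N = len(monos)                      # bit N of a row holds the constant term
    pivots = {}                         # pivot column -> reduced row bitmask
    for p in system:
        r = 0
        for mono in p:
            r |= 1 << (N if not mono else col[mono])
        for c, pr in pivots.items():    # reduce r by the existing pivot rows
            if (r >> c) & 1:
                r ^= pr
        if r == 0:
            continue
        low = (r & -r).bit_length() - 1
        if low == N:                    # row reads 0 = 1: inconsistent system
            return None
        for c in pivots:                # keep earlier pivot rows reduced by r
            if (pivots[c] >> low) & 1:
                pivots[c] ^= r
        pivots[low] = r
    if len(pivots) < N:                 # rank deficient: some x_i not determined
        return None
    x = tuple((pivots[i] >> N) & 1 for i in range(n))
    return x if all(evaluate(p, x) == 0 for p in system) else None


if __name__ == "__main__":
    n = 8
    big, xstar = planted_system(n, 60, seed=1)     # overdetermined: linearization works
    print("planted root:", xstar)
    print("exhaustive:", solve_exhaustive(big, n))
    print("linearization:", solve_linearization(big, n))
    small, _ = planted_system(n, 10, seed=1)       # too few equations to linearize
    print("linearization on 10 equations:", solve_linearization(small, n))
```

With n = 8 there are 36 non-constant monomials, so 60 random equations make the linearized system full rank and the root drops out of one elimination, while 10 equations leave it rank deficient and the function returns None; closing that gap by multiplying equations by monomials to raise the degree is what XL and Gröbner-basis methods do, and that step is not implemented here.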

Keywords

Multivariate polynomial systems; Gröbner basis; XL; Multivariate cryptography; Algebraic cryptanalysis

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Chaire de Cryptologie de la Fondation de l'UPMC, Sorbonne Universités, UPMC Univ Paris 06, CNRS, LIP6 UMR 7606, Paris, France
  2. Institut Fourier, Université Grenoble-Alpes, Grenoble, France